CVE-2026-8711

NGINX JavaScript has a vulnerability when the js_fetch_proxy directive is configured with at least one client-controlled NGINX variable (for example, $http_*, $arg_*, $cookie_*) and a location invoking the ngx.fetch() operation from NGINX JavaScript. An unauthenticated attacker can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS v3 8.1 HIGH

8.1^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://my.f5.com/manage/s/article/K000161307	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:f5:njs:*:*:*:*:*:*:*:*

History

04 Jun 2026, 13:29

Type	Values Removed	Values Added
CPE		cpe:2.3:a:f5:njs::::::::
First Time		F5 F5 njs
References	~~() https://my.f5.com/manage/s/article/K000161307 -~~	() https://my.f5.com/manage/s/article/K000161307 - Vendor Advisory

21 May 2026, 19:16

Type	Values Removed	Values Added
Summary	(en) NGINX JavaScript has a vulnerability when the js_fetch_proxy directive is configured with at least one client-controlled NGINX variable (for example, $http_, $arg_, $cookie_*) and a location invoking the ngx.fetch() operation from NGINX JavaScript. An unauthenticated attacker can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, for systems with Address Space Layout Randomization (ASLR) disabled, code execution is possible. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.	(en) NGINX JavaScript has a vulnerability when the js_fetch_proxy directive is configured with at least one client-controlled NGINX variable (for example, $http_, $arg_, $cookie_*) and a location invoking the ngx.fetch() operation from NGINX JavaScript. An unauthenticated attacker can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

19 May 2026, 15:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-05-19 15:16

Updated : 2026-06-04 13:29

NVD link : CVE-2026-8711

Mitre link : CVE-2026-8711

CVE.ORG link : CVE-2026-8711

JSON object : View

Products Affected

CWE

CWE-122

Heap-based Buffer Overflow

8.1 /10