Ubuntu Security Notices USN-8038-1 USN-8038-1: nginx vulnerability Publication date 12 February 2026 Overview nginx could be made to insert content into proxied server data. Releases 25.10 24.04 LTS 22.04 LTS Packages nginx - small, powerful, scalable web/proxy server Details It was discovered that nginx incorrectly handled proxying to upstream TLS servers. An attacker could possibly use this issue to insert plain text data into the response from an upstream proxied server. It was discovered that nginx incorrectly handled proxying to upstream TLS servers. An attacker could possibly use this issue to insert plain text data into the response from an upstream proxied server. Update instructions In general, a standard system update will make all the necessary changes. Learn more about how to get the fixes. The problem can be corrected by updating your system to the following package versions: Ubuntu Release Package Version 25.10 questing nginx – 1.28.0-6ubuntu1.1 nginx-core – 1.28.0-6ubuntu1.1 nginx-extras – 1.28.0-6ubuntu1.1 nginx-full – 1.28.0-6ubuntu1.1 nginx-light – 1.28.0-6ubuntu1.1 24.04 LTS noble nginx – 1.24.0-2ubuntu7.6 nginx-core – 1.24.0-2ubuntu7.6 nginx-extras – 1.24.0-2ubuntu7.6 nginx-full – 1.24.0-2ubuntu7.6 nginx-light – 1.24.0-2ubuntu7.6 22.04 LTS jammy nginx – 1.18.0-6ubuntu14.8 nginx-core – 1.18.0-6ubuntu14.8 nginx-extras – 1.18.0-6ubuntu14.8 nginx-full – 1.18.0-6ubuntu14.8 nginx-light – 1.18.0-6ubuntu14.8 Reduce your security exposure Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines. Get Ubuntu Pro References CVE-2026-1642 CVE-2026-1642