- What: A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream TLS servers, allowing a MITM attacker to inject plain text data into the response.
- Impact: Systems using NGINX as a reverse proxy to TLS servers are vulnerable to plaintext injection.
- Affected: Ubuntu versions 25.10, 24.04 LTS, and 22.04 LTS are fixed; 20.04 LTS, 18.04 LTS, 16.04 LTS, and 14.04 LTS need evaluation.
- CVE: CVE-2026-1642

CVE-2026-1642

Publication date: 4 February 2026
Last updated: 12 February 2026

Description

A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-middle (MITM) position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data into the response from an upstream proxied server.

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Status

| Package | Ubuntu release | Status |
|---------|----------------|--------|
| nginx | 25.10 questing | Fixed 1.28.0-6ubuntu1.1 |
| nginx | 24.04 LTS noble | Fixed 1.24.0-2ubuntu7.6 |
| nginx | 22.04 LTS jammy | Fixed 1.18.0-6ubuntu14.8 |
| nginx | 20.04 LTS focal | Needs evaluation |
| nginx | 18.04 LTS bionic | Needs evaluation |
| nginx | 16.04 LTS xenial | Needs evaluation |
| nginx | 14.04 LTS trusty | Needs evaluation |

Patch details

For informational purposes only. We recommend not to cherry-pick updates.

| Package | Patch details |
|---------|---------------|
| nginx | Upstream: 784fa05 |

Severity score breakdown

| Parameter | Value |
|-----------|-------|
| Base score | 5.9 · Medium |
| Attack vector | Network |
| Attack complexity | High |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | High |
| Availability impact | None |
| Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |

References

- MITRE
- NVD
- Launchpad
- Debian

Related Ubuntu Security Notices (USN)

- USN-8038-1: nginx vulnerability (12 February 2026)

Other references

- https://www.cve.org/CVERecord?id=CVE-2026-1642
- https://www.openwall.com/lists/oss-security/2026/02/05/1
- https://my.f5.com/manage/s/article/K000159824
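
An added example, not part of the Ubuntu page: a Python check that classifies an installed nginx package version against the status table above, using a compact implementation of Debian version ordering so that `7.10` correctly sorts after `7.6`. The function names and the status strings returned are assumptions made for this example.

```python
import re

# Fixed nginx package versions per Ubuntu release, copied from the status table.
FIXED = {
    "questing": "1.28.0-6ubuntu1.1",  # 25.10
    "noble": "1.24.0-2ubuntu7.6",     # 24.04 LTS
    "jammy": "1.18.0-6ubuntu14.8",    # 22.04 LTS
}
NEEDS_EVALUATION = {"focal", "bionic", "xenial", "trusty"}

def _order(ch):
    # Debian ordering of non-digits: '~' sorts first, then letters, then other characters.
    return -1 if ch == "~" else ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    """Compare two upstream or revision strings with the Debian version algorithm."""
    while a or b:
        ta, tb = re.match(r"[^0-9]*", a).group(), re.match(r"[^0-9]*", b).group()
        a, b = a[len(ta):], b[len(tb):]
        for i in range(max(len(ta), len(tb))):
            x = _order(ta[i]) if i < len(ta) else 0  # end of string sorts as 0
            y = _order(tb[i]) if i < len(tb) else 0
            if x != y:
                return -1 if x < y else 1
        da, db = re.match(r"[0-9]*", a).group(), re.match(r"[0-9]*", b).group()
        a, b = a[len(da):], b[len(db):]
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
    return 0

def deb_cmp(v1, v2):
    """Return -1, 0 or 1 as v1 is older than, equal to or newer than v2."""
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, _, rev = rest.rpartition("-") if "-" in rest else (rest, "", "")
        return int(epoch), upstream, rev
    (e1, u1, r1), (e2, u2, r2) = split(v1), split(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_part(u1, u2) or _cmp_part(r1, r2)

def nginx_status(codename, installed):
    """Classify an installed nginx package version for CVE-2026-1642."""
    if codename in NEEDS_EVALUATION:
        return "needs-evaluation"  # the page lists no fixed version for these releases
    if codename not in FIXED:
        return "unknown-release"   # release not covered by the table
    return "fixed" if deb_cmp(installed, FIXED[codename]) >= 0 else "update-required"
```

On a host, the two inputs can be read with `lsb_release -cs` and `dpkg-query -W -f='${Version}' nginx`. The result describes the package only; whether the host is exposed also depends on nginx being configured to proxy to upstream TLS servers.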