Copyright © 2012 Red Hat, Inc. All rights reserved.
Moderate
2026-05-13T14:12:43
nginx: ngx_http_ssl_module: data corruption and denial of service
4.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
CWE-416
A flaw was found in the ngx_http_ssl_module module of NGINX. When the ssl_verify_client directive is set to "on" or "optional" and the ssl_ocsp directive is enabled or its leaf parameters are configured with a resolver, an unauthenticated attacker can send crafted requests to cause a use-after-free issue in the worker process, resulting in a limited modification of memory data or a denial of service by forcing the process to restart.
To exploit this flaw, the ssl_verify_client directive must be set to "on" or "optional" and the ssl_ocsp directive must be enabled or its leaf parameters configured with a resolver, limiting its exposure as this is not the default configuration. This issue allows an attacker to have limited control to modify memory data from the worker process or cause a denial of service by forcing the process to restart, but it cannot cause a complete system denial of service. Due to these reasons, this flaw has been rated with a moderate severity.
To mitigate this issue, specifically set the OCSP responder using the ssl_ocsp_responder directive or switch from live OCSP validation to static CRL files using the ssl_crl directive. If neither configuration is possible, using a local DNS server to cache and quickly resolve OCSP responder names can reduce the probability of exploitation.
Red Hat Enterprise Linux 10
Fix deferred
nginx
Red Hat Enterprise Linux 8
Fix deferred
nginx:1.24/nginx
Red Hat Enterprise Linux 9
Fix deferred
nginx
Red Hat Enterprise Linux 9
Fix deferred
nginx:1.24/nginx
Red Hat Enterprise Linux 9
Fix deferred
nginx:1.26/nginx
Red Hat Hardened Images
Not affected
nginx
Red Hat Lightspeed proxy 1
Fix deferred
insights-proxy/insights-proxy-container-rhel9
https://www.cve.org/CVERecord?id=CVE-2026-40701
https://nvd.nist.gov/vuln/detail/CVE-2026-40701
https://my.f5.com/manage/s/article/K000161021