Copyright © 2012 Red Hat, Inc. All rights reserved. Moderate 2026-05-13T14:12:44 nginx: ngx_http_scgi_module: ngx_http_uwsgi_module: information disclosure and denial of service 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L CWE-823

A flaw was found in the ngx_http_scgi_module and ngx_http_uwsgi_module modules of NGINX. When scgi_pass or uwsgi_pass is configured, an unauthenticated attacker able to intercept and modify network traffic via a Man-In-The-Middle (MITM) attack and control the responses from an upstream server may be able to read sensitive data from the worker process or cause a denial of service by forcing the process to restart.

To exploit this issue, an attacker needs to be able to control the responses from SCGI or uWSGI backend servers via a Man-In-The-Middle (MITM) attack, limiting its exposure. Also, this vulnerability allows an attacker to read sensitive data from the memory of the worker process or cause a denial of service by forcing the process to restart, but it cannot cause a complete system denial of service. Due to these reasons, this flaw has been rated with a moderate severity. To mitigate this flaw, ensure that the connection between NGINX and the backend SCGI/uWSGI servers is fully encrypted and authenticated, preventing the interception and manipulation of responses required to exploit this vulnerability. Red Hat Enterprise Linux 10 Fix deferred nginx Red Hat Enterprise Linux 8 Fix deferred nginx:1.24/nginx Red Hat Enterprise Linux 9 Fix deferred nginx Red Hat Enterprise Linux 9 Fix deferred nginx:1.24/nginx Red Hat Enterprise Linux 9 Fix deferred nginx:1.26/nginx Red Hat Hardened Images Not affected nginx Red Hat Lightspeed proxy 1 Fix deferred insights-proxy/insights-proxy-container-rhel9 https://www.cve.org/CVERecord?id=CVE-2026-42946 https://nvd.nist.gov/vuln/detail/CVE-2026-42946 https://my.f5.com/manage/s/article/K000161027