AZL-76745

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-76745.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-76745

Upstream

CVE-2026-1642

Published

2026-02-04T15:16:14Z

Modified

2026-04-01T05:22:58.792040Z

Summary

CVE-2026-1642 affecting package nginx for versions less than 1.22.1-15

Details

A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-middle (MITM) position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data into the response from an upstream proxied server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

References

https://nvd.nist.gov/vuln/detail/CVE-2026-1642

Affected packages

Azure Linux:2 / nginx

Package

Name: nginx
Purl: pkg:rpm/azure-linux/nginx

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.22.1-15

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-76745.json"