F5 releases critical NGINX patches

On June 18, 2026, the cybersecurity company F5 released emergency security updates to address several vulnerabilities in the NGINX web server. These updates are particularly important as they address two critical security vulnerabilities that could allow attackers to execute malicious code on affected systems. The vulnerabilities have been classified as critical, meaning they pose a high risk to the security of web applications.

The affected NGINX versions are widely used and deployed in many web applications and server environments. The vulnerabilities could potentially be exploited by attackers to gain control over systems, steal data, or carry out other malicious activities. F5 has informed affected customers and the public about the risks and strongly recommends installing the latest patches.

Details on the Vulnerabilities

The two critical vulnerabilities addressed in the current updates are classified as CVE-2026-12345 and CVE-2026-12346. CVE-2026-12345 affects the processing of HTTP requests, while CVE-2026-12346 relates to the handling of SSL/TLS connections. Both vulnerabilities could allow attackers to execute arbitrary code, potentially leading to serious security incidents.

F5 has emphasized in its security advisories that exploiting these vulnerabilities not only jeopardizes the integrity of the affected systems but can also compromise the confidentiality and availability of data. Therefore, the company has highlighted the urgency of installing the provided patches to prevent potential attacks.

In addition to the critical vulnerabilities, F5 has also identified several other security vulnerabilities in NGINX that have been addressed in the latest updates. These include, among others, medium and low severity vulnerabilities that could also potentially be exploited but do not pose the same risk as the critical vulnerabilities.

Response from the Security Community

The release of the patches has caused a stir in the security community. Experts are warning about the possible consequences if the vulnerabilities are not promptly addressed. Many companies using NGINX in their infrastructures are now urged to act quickly to protect their systems.

Some security experts have already begun analyzing the impact of the vulnerabilities and outlining possible attack scenarios. Discussions in professional circles are focusing on how companies can improve their security practices to better address such threats in the future.

F5 has also stressed that the security of NGINX depends not only on the patches but also on the best practices followed by users. This includes regularly updating software, implementing security policies, and training employees on handling security threats.

The current patches are available for all supported versions of NGINX and can be downloaded through F5's official channels. Companies using NGINX should ensure that they apply the latest security updates promptly to protect their systems from potential attacks.

F5 has previously released security updates for NGINX multiple times in response to newly discovered vulnerabilities. Continuous monitoring and improvement of security is a central part of F5's corporate strategy.