Critical Code Execution Vulnerabilities in Oracle Linux nginx

3h ago Linuxsecurity 93% similarity 72.8

Oracle Linux 8 and 9 are affected by multiple critical code execution and denial-of-service vulnerabilities in nginx. They include CVE-2026-42945, which allows arbitrary code execution, and CVE-2026-9256, which enables denial of service through specially crafted requests. Systems running nginx versions 1.20 and 1.24 are affected, with potential impact on service availability and system integrity. The two vulnerabilities were disclosed on May 13 and May 22, 2026, respectively, with proof-of-concept (PoC) exploits available shortly after. Their potential for exploitation in production environments makes them particularly concerning. Users are urged to update their systems to mitigate these risks, and current advisories recommend immediate action to patch affected systems.

Key Points:
• Oracle Linux 8 and 9 are affected by critical nginx vulnerabilities.
• CVE-2026-42945 and CVE-2026-9256 allow for code execution and denial of service.
• Immediate patching is recommended to mitigate exploitation risks.

ThreatCluster AI

Timeline

2026-03-24
Multiple CVEs published
CVE-2026-27654, CVE-2026-27784, and CVE-2026-32647 were disclosed, affecting nginx functionality.
Linuxsecurity
2026-03-24
CVE-2026-27784 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-03-24
CVE-2026-27651 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-03-24
CVE-2026-32647 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-03-24
CVE-2026-27654 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-05-13
CVE-2026-42945 published
CVE-2026-42945 was disclosed, allowing arbitrary code execution in nginx.
Linuxsecurity
2026-05-22
CVE-2026-9256 published
CVE-2026-9256 was disclosed, enabling denial of service through crafted requests.
Linuxsecurity
2026-05-24
First public PoC for CVE-2026-9256
A proof-of-concept exploit for CVE-2026-9256 was made public, increasing risk of exploitation.
Linuxsecurity
