NGINX 1.31.2 / 1.30.3 patches HTTP/3 UAF (CVE-2026-42530) and two more
F5 shipped NGINX 1.31.2 and 1.30.3 on June 17 fixing a use-after-free in the HTTP/3 module, a heap overflow in proxy_v2/grpc, and a buffer overread in charset.
F5 shipped NGINX 1.31.2 and 1.30.3 on June 17 fixing a use-after-free in the HTTP/3 module, a heap overflow in proxy_v2/grpc, and a buffer overread in charset.