New NGINX Vulnerability Allows Remote Attackers to Trigger Malicious Code

A new vulnerability in NGINX JavaScript (njs), tracked as CVE‑2026‑8711, allows unauthenticated remote attackers to trigger a heap‑based buffer overflow that can lead to denial‑of‑service and, in some conditions, remote code execution in the NGINX worker process. The flaw is tied to how the js_fetch_proxy directive handles client‑controlled variables when combined with the ngx.fetch() operation […] The post New NGINX Vulnerability Allows Remote Attackers to Trigger Malicious Code appeared first on Cyber Security News.