F5 has released emergency patches for critical vulnerabilities in NGINX, tracked as CVE-2026-42530 and CVE-2026-42055, which have a CVSS score of 9.21. The flaws affect HTTP modules and can be exploited remotely without authentication, leading to memory corruption and potentially enabling arbitrary code execution or causing service restarts. CVE-2026-42530 is a critical use-after-free bug that attackers can leverage to execute malicious code. Given the severity of these vulnerabilities, users are advised to apply the patches immediately to prevent potential exploitation. The disclosure of CVE-2026-42530 expands the active attack surface, so organizations should prioritize patching based on their exposure and existing exploitation evidence. For practitioners, the issue underscores the need for prompt action to prevent unauthenticated code execution, which can have severe consequences for system security.
F5 Patches Critical NGINX Vulnerabilities Enabling Unauthenticated Code Execution
Why This Matters
CVE-2026-42530 disclosure expands the active attack surface — prioritize based on your exposure and exploitation evidence.
References
- SecurityAffairs. (2026, June 18). F5 Patches Critical NGINX Vulnerabilities Enabling Unauthenticated Code Execution. *SecurityAffairs*. https://securityaffairs.com/193842/security/f5-patches-critical-nginx-vulnerabilities-enabling-unauthenticated-code-execution.html