CVE-2026-42530: Nginx 1.30.2 and Nginx 1.31.2(www.cve.org)
4 pointsby petecooper8 hours ago1 comment
  • cpburns20098 hours ago
    > When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticated attacker along with conditions beyond their control can use a specially crafted HTTP/3 session to reopen a QPACK encoder stream.

    Emphasis is mine. How much heavy lifting is this phrase doing?

    • johng4 hours ago
      Definitely interested in this as well.