Data injection via man-in-the-middle attack on TLS proxied connections
Summary
Data injection via man-in-the-middle attack on TLS proxied connections. Red Hat rates this moderate (CVSS 5.9). Weakness: CWE-349. Affected package(s): nginx-main, nginx, nginx:1.24, discovery/discovery-ui-rhel9:1773273070, nginx:1.26, rhui5/rhua-rhel9:1776868842. Resolved in Red Hat advisory RHSA-2026:6408 — update the affected packages (`sudo dnf update`).
- nginx-main-1.30.0-1.hum1
- nginx-2:1.20.1-24.el9_7.1
- nginx:1.24-9060020260327134414.9
- nginx-2:1.26.3-1.el10_0.3
- discovery/discovery-ui-rhel9:1773273070
- nginx:1.26-9070020260219144748.9
- nginx:1.24-9040020260331102155.9
- nginx-1:1.20.1-14.el9_2.4
- nginx:1.26-9060020260331094920.9
- nginx-2:1.26.3-2.el10_1
- rhui5/rhua-rhel9:1776868842
- rhui5/cds-rhel9:1773670073
Official advisory · high-confidence parse· fetched 6 hours ago·verify at source
- RHSA-2026:6408
Official advisory · high-confidence parse· fetched 6 hours ago·verify at source
Mitigation checklist
- Update the affected package(s) to the fixed version shipped in RHSA-2026:6408 (`sudo dnf update` / `yum update`).
Official advisory · high-confidence parse· fetched 6 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.