It was discovered that nginx did not properly validate source addresses in the HTTP/3 QUIC module. A remote attacker could possibly use this issue to bypass authorization checks or rate limiting. This issue only affected Ubuntu 25.04 and Ubuntu 25.10. (CVE-2026-40460) It was discovered that nginx contained a use-after-free vulnerability in the ngx_http_ssl_module module when client certificate ve
Ubuntu 22.04/20.04 LTS
Vulnerability
CVE-2026-40460
Ubuntu Security
Refer to CVE-2026-40460 NVD advisory