CVE-2026-8711

NGINX · JavaScript (njs)

NGINX JavaScript is vulnerable when the js_fetch_proxy directive uses client-controlled variables, potentially leading to unauthorized proxy behavior or information disclosure.

Executive summary

A vulnerability in the NGINX JavaScript (njs) module allows for improper proxy configuration, posing a significant risk of unauthorized request routing or data exposure.

Vulnerability

The vulnerability exists within the js_fetch_proxy directive when configured with client-controlled NGINX variables (e.g., $http_*, $arg_*, $cookie_*). This flaw allows unauthenticated remote attackers to influence proxy behavior, potentially facilitating unauthorized access or SSRF-like conditions.

Business impact

Successful exploitation of this vulnerability could lead to the compromise of internal network resources or the exfiltration of sensitive data routed through the proxy. With a CVSS score of 8.1, this represents a High severity risk that could result in significant reputational damage and service disruption if the proxy infrastructure is successfully manipulated.

Remediation

Immediate Action: Review your nginx.conf files to identify instances where js_fetch_proxy utilizes client-controlled variables and restrict these configurations until a vendor patch is applied.

Proactive Monitoring: Monitor NGINX access and error logs for unusual request patterns, particularly those involving unexpected header modifications or proxy destination anomalies.

Compensating Controls: Implement strict input validation or use a Web Application Firewall (WAF) to sanitize incoming request parameters before they are processed by the NGINX JavaScript module.
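As an added example for the review step above (not part of this advisory and not NGINX or F5 tooling), a small Python audit helper that scans nginx.conf text for js_fetch_proxy directives whose argument references the client-controlled variable prefixes the advisory names ($http_*, $arg_*, $cookie_*). The sample configuration and the directive argument form are constructed assumptions for illustration.

```python
import re

# Variable prefixes the advisory identifies as client-controlled.
CLIENT_CONTROLLED_PREFIXES = ("http_", "arg_", "cookie_")

# Match one js_fetch_proxy directive per line start; [ \t]* (not \s*) keeps
# the match anchored to the directive's own line so line numbers stay correct.
DIRECTIVE_RE = re.compile(r'^[ \t]*js_fetch_proxy[ \t]+(?P<args>[^;]*);', re.MULTILINE)
# Both $name and ${name} NGINX variable forms.
VAR_RE = re.compile(r'\$(?:\{(\w+)\}|(\w+))')


def strip_comments(conf: str) -> str:
    """Drop '# ...' to end of line so commented-out directives are not flagged."""
    return "\n".join(line.split("#", 1)[0] for line in conf.splitlines())


def find_client_controlled_proxy(conf: str) -> list[dict]:
    """Return findings (line, raw args, risky variables) for each js_fetch_proxy
    directive whose argument contains a client-controlled variable."""
    findings = []
    cleaned = strip_comments(conf)
    for m in DIRECTIVE_RE.finditer(cleaned):
        args = m.group("args")
        line_no = cleaned.count("\n", 0, m.start()) + 1
        variables = [braced or bare for braced, bare in VAR_RE.findall(args)]
        risky = [v for v in variables if v.startswith(CLIENT_CONTROLLED_PREFIXES)]
        if risky:
            findings.append({"line": line_no, "args": args.strip(), "variables": risky})
    return findings


# Constructed sample configuration (assumption: illustrative, not a real deployment).
SAMPLE_CONF = """
http {
    js_import fetch.js;
    server {
        listen 80;
        # Fixed upstream proxy: not influenced by the client
        js_fetch_proxy http://proxy.internal:3128;
        location /a {
            # Request header chooses the proxy host: flagged
            js_fetch_proxy http://$http_x_proxy_host:3128;
        }
        location /b {
            js_fetch_proxy ${arg_proxy};
        }
        location /c {
            # js_fetch_proxy http://$cookie_proxy;   (commented out, not flagged)
        }
    }
}
"""

if __name__ == "__main__":
    for f in find_client_controlled_proxy(SAMPLE_CONF):
        print(f"line {f['line']}: js_fetch_proxy {f['args']} uses {f['variables']}")
```

Running it on the sample reports the directives on lines 10 and 13; the fixed proxy on line 7 and the commented-out line 16 are not reported.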

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the High severity score, administrators should prioritize auditing their NGINX configurations immediately to identify potentially vulnerable js_fetch_proxy implementations. Apply vendor-provided security patches as soon as they become available to eliminate the underlying risk.