https://community.checkpoint.com/t5/WAF/New-NGINX-Vulnerability-CVE-2026-8711-Check-Point-Managed-NGINX/m-p/277266#M407 <P><FONT face="arial black,avant garde"><STRONG data-olk-copy-source="MessageBody">Description</STRONG></FONT></P> <P>A recently disclosed vulnerability affecting NGINX JavaScript (njs) has generated industry attention due to the potential for buffer overflow conditions in vulnerable deployments.</P> <P>The vulnerability impacts NGINX JavaScript (njs) versions 0.9.4 through 0.9.8, with remediation introduced in njs version 0.9.9. Public reporting indicates that vulnerable environments may be exposed to denial-of-service conditions and, under certain circumstances, possible remote code execution.</P> <P><FONT face="arial black,avant garde" color="#000000"><STRONG>Check Point Statement Regarding NGINX Vulnerability CVE-2026-8711</STRONG></FONT></P> <P>Check Point-managed NGINX deployments are not affected by<SPAN>&nbsp;</SPAN><A id="OWA346cc779-13f5-7871-0aa0-e8d8f248d9d6" class="x_OWAAutoLink" title="https://www.cve.org/CVERecord?id=CVE-2026-8711" href="https://www.cve.org/CVERecord?id=CVE-2026-8711" data-linkindex="0" data-auth="NotApplicable" target="_blank">CVE-2026-8711</A>.</P> <P>The vulnerability affects NGINX JavaScript (njs) versions 0.9.4 through 0.9.8. Check Point-managed deployments use a version outside the affected range and do not contain the vulnerable code path associated with this issue.</P> <P>At this time, no action is required for customers using Check Point-managed NGINX deployments.</P> <P>Nevertheless, updated images including the latest supported NGINX components will be released shortly (the new release will be addressing both CVE-2026-8711 and CVE-2026-42945) as part of Check Point’s ongoing security and software maintenance process (see<SPAN>&nbsp;</SPAN><A id="OWA426ff4c8-a501-02df-6124-afe9324bd662" class="x_OWAAutoLink" title="https://community.checkpoint.com/t5/WAF/NGINX-CVE-2026-42945-Check-Point-Managed-NGINX-Deployments-Not/td-p/277141" href="https://community.checkpoint.com/t5/WAF/NGINX-CVE-2026-42945-Check-Point-Managed-NGINX-Deployments-Not/td-p/277141" data-linkindex="1" data-auth="NotApplicable" target="_blank">Check Point’s statement on CVE-2026-42945</A>)</P> <P>Organizations operating independently managed NGINX environments should review their deployed njs versions and apply vendor-recommended updates and mitigations where applicable.</P> <P>Check Point continues to monitor relevant security advisories and assess their potential impact on managed services and customer deployments.</P> <P class="x_MsoNormal">For any questions or additional guidance, please contact your Check Point representative. Check Point remains committed to keeping customers secure and staying ahead of emerging vulnerabilities.</P> <P class="x_MsoNormal" aria-hidden="true">&nbsp;</P> Thu, 21 May 2026 08:27:49 GMT Vani 2026-05-21T08:27:49Z https://community.checkpoint.com/t5/WAF/New-NGINX-Vulnerability-CVE-2026-8711-Check-Point-Managed-NGINX/m-p/277266#M407 <P><FONT face="arial black,avant garde"><STRONG data-olk-copy-source="MessageBody">Description</STRONG></FONT></P> <P>A recently disclosed vulnerability affecting NGINX JavaScript (njs) has generated industry attention due to the potential for buffer overflow conditions in vulnerable deployments.</P> <P>The vulnerability impacts NGINX JavaScript (njs) versions 0.9.4 through 0.9.8, with remediation introduced in njs version 0.9.9. Public reporting indicates that vulnerable environments may be exposed to denial-of-service conditions and, under certain circumstances, possible remote code execution.</P> <P><FONT face="arial black,avant garde" color="#000000"><STRONG>Check Point Statement Regarding NGINX Vulnerability CVE-2026-8711</STRONG></FONT></P> <P>Check Point-managed NGINX deployments are not affected by<SPAN>&nbsp;</SPAN><A id="OWA346cc779-13f5-7871-0aa0-e8d8f248d9d6" class="x_OWAAutoLink" title="https://www.cve.org/CVERecord?id=CVE-2026-8711" href="https://www.cve.org/CVERecord?id=CVE-2026-8711" data-linkindex="0" data-auth="NotApplicable" target="_blank">CVE-2026-8711</A>.</P> <P>The vulnerability affects NGINX JavaScript (njs) versions 0.9.4 through 0.9.8. Check Point-managed deployments use a version outside the affected range and do not contain the vulnerable code path associated with this issue.</P> <P>At this time, no action is required for customers using Check Point-managed NGINX deployments.</P> <P>Nevertheless, updated images including the latest supported NGINX components will be released shortly (the new release will be addressing both CVE-2026-8711 and CVE-2026-42945) as part of Check Point’s ongoing security and software maintenance process (see<SPAN>&nbsp;</SPAN><A id="OWA426ff4c8-a501-02df-6124-afe9324bd662" class="x_OWAAutoLink" title="https://community.checkpoint.com/t5/WAF/NGINX-CVE-2026-42945-Check-Point-Managed-NGINX-Deployments-Not/td-p/277141" href="https://community.checkpoint.com/t5/WAF/NGINX-CVE-2026-42945-Check-Point-Managed-NGINX-Deployments-Not/td-p/277141" data-linkindex="1" data-auth="NotApplicable" target="_blank">Check Point’s statement on CVE-2026-42945</A>)</P> <P>Organizations operating independently managed NGINX environments should review their deployed njs versions and apply vendor-recommended updates and mitigations where applicable.</P> <P>Check Point continues to monitor relevant security advisories and assess their potential impact on managed services and customer deployments.</P> <P class="x_MsoNormal">For any questions or additional guidance, please contact your Check Point representative. Check Point remains committed to keeping customers secure and staying ahead of emerging vulnerabilities.</P> <P class="x_MsoNormal" aria-hidden="true">&nbsp;</P> Thu, 21 May 2026 08:27:49 GMT https://community.checkpoint.com/t5/WAF/New-NGINX-Vulnerability-CVE-2026-8711-Check-Point-Managed-NGINX/m-p/277266#M407 Vani 2026-05-21T08:27:49Z