<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: NGINX CVE-2026-42055: All Check Point WAF Deployments Protected by Default in WAF</title>
    <link>https://community.checkpoint.com/t5/WAF/NGINX-CVE-2026-42055-All-Check-Point-WAF-Deployments-Protected/m-p/279187#M418</link>
    <description>&lt;P&gt;Hi Vani,&lt;/P&gt;&lt;P&gt;I didn't try, but is it possible to increase the maximum header size to 2MB or higher from the portal? We had to increase the max header size for some assets but not to that size.&lt;BR /&gt;&lt;BR /&gt;&lt;/P&gt;&lt;P&gt;Evert.&lt;/P&gt;</description>
    <pubDate>Thu, 02 Jul 2026 12:14:33 GMT</pubDate>
    <dc:creator>Evert_Kooter</dc:creator>
    <dc:date>2026-07-02T12:14:33Z</dc:date>
    <item>
      <title>NGINX CVE-2026-42055: All Check Point WAF Deployments Protected by Default</title>
      <link>https://community.checkpoint.com/t5/WAF/NGINX-CVE-2026-42055-All-Check-Point-WAF-Deployments-Protected/m-p/278993#M415</link>
      <description>&lt;P&gt;&lt;STRONG&gt;Description&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;A recently disclosed vulnerability, CVE-2026-42055 (&lt;A href="https://www.cve.org/CVERecord?id=CVE-2026-42055" target="_blank"&gt;https://www.cve.org/CVERecord?id=CVE-2026-42055&lt;/A&gt;), affects the NGINX ngx_http_proxy_v2_module and ngx_http_grpc_module modules.&lt;/P&gt;
&lt;P&gt;According to public reporting, this heap-based buffer overflow becomes reachable only under a specific non-default configuration: NGINX proxying HTTP/2 traffic via proxy_http_version 2 or grpc_pass, ignore_invalid_headers set to off, and large_client_header_buffers larger than 2 MB. Under those conditions, a remote, unauthenticated attacker can send oversized headers during upstream request creation, causing memory corruption in the NGINX worker process. This leads to denial-of-service and, where ASLR is disabled or can be bypassed, possible code execution. The affected versions are 1.31.1 and 1.30.0 through 1.30.2, with fixes in NGINX 1.31.2 and 1.30.3. Vendor advisory: K000161584 (&lt;A href="https://my.f5.com/manage/s/article/K000161584" target="_blank"&gt;https://my.f5.com/manage/s/article/K000161584&lt;/A&gt;).&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Check Point Statement Regarding NGINX Vulnerability CVE-2026-42055&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;Following internal assessment and validation, Check Point confirms that Check Point WAF customers are fully protected against CVE-2026-42055 in the default configuration.&lt;/P&gt;
&lt;P&gt;By default, Check Point WAF limits the maximum header size to 100 KB, well below the 2 MB threshold required to trigger this vulnerability. Because oversized headers are required to reach the vulnerable code path, this limit alone prevents exploitation, independent of any other setting. The triggering configuration is also not enabled by default, as ignore_invalid_headers off is not used.&lt;/P&gt;
&lt;P&gt;As a result, all NGINX deployments integrated with Check Point WAF are protected by the default 100 KB header limit.&lt;/P&gt;
&lt;P&gt;Updated images with the latest supported NGINX components will be released shortly as part of Check Point's ongoing security and software maintenance process.&lt;BR /&gt;&lt;BR /&gt;Check Point continuously monitors emerging vulnerabilities and security advisories as part of its ongoing product security and hardening processes.&lt;/P&gt;</description>
      <pubDate>Fri, 26 Jun 2026 08:37:39 GMT</pubDate>
      <guid>https://community.checkpoint.com/t5/WAF/NGINX-CVE-2026-42055-All-Check-Point-WAF-Deployments-Protected/m-p/278993#M415</guid>
      <dc:creator>Vani</dc:creator>
      <dc:date>2026-06-26T08:37:39Z</dc:date>
    </item>
    <item>
      <title>Re: NGINX CVE-2026-42055: All Check Point WAF Deployments Protected by Default</title>
      <link>https://community.checkpoint.com/t5/WAF/NGINX-CVE-2026-42055-All-Check-Point-WAF-Deployments-Protected/m-p/279187#M418</link>
      <description>&lt;P&gt;Hi Vani,&lt;/P&gt;&lt;P&gt;I didn't try, but is it possible to increase the maximum header size to 2MB or higher from the portal? We had to increase the max header size for some assets but not to that size.&lt;BR /&gt;&lt;BR /&gt;&lt;/P&gt;&lt;P&gt;Evert.&lt;/P&gt;</description>
      <pubDate>Thu, 02 Jul 2026 12:14:33 GMT</pubDate>
      <guid>https://community.checkpoint.com/t5/WAF/NGINX-CVE-2026-42055-All-Check-Point-WAF-Deployments-Protected/m-p/279187#M418</guid>
      <dc:creator>Evert_Kooter</dc:creator>
      <dc:date>2026-07-02T12:14:33Z</dc:date>
    </item>
    <item>
      <title>Re: NGINX CVE-2026-42055: All Check Point WAF Deployments Protected by Default</title>
      <link>https://community.checkpoint.com/t5/WAF/NGINX-CVE-2026-42055-All-Check-Point-WAF-Deployments-Protected/m-p/279196#M419</link>
      <description>&lt;P&gt;Evert,&lt;/P&gt;
&lt;P&gt;The currently configured max header size can be easily checked here (and adjusted, if needed) for any given asset in the web UI:&lt;/P&gt;
&lt;P&gt;&lt;span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="image (2).png" style="width: 400px;"&gt;&lt;img src="https://community.checkpoint.com/t5/image/serverpage/image-id/34634iE76905F3DC1B465D/image-size/medium?v=v2&amp;amp;px=400" role="button" title="image (2).png" alt="image (2).png" /&gt;&lt;/span&gt;&lt;/P&gt;
</description>
      <pubDate>Thu, 02 Jul 2026 13:22:26 GMT</pubDate>
      <guid>https://community.checkpoint.com/t5/WAF/NGINX-CVE-2026-42055-All-Check-Point-WAF-Deployments-Protected/m-p/279196#M419</guid>
      <dc:creator>Vani</dc:creator>
      <dc:date>2026-07-02T13:22:26Z</dc:date>
    </item>
  </channel>
</rss>

