Vani
Employee

NGINX CVE-2026-42055: All Check Point WAF Deployments Protected by Default

Description 

A recently disclosed vulnerability, CVE-2026-42055 (https://www.cve.org/CVERecord?id=CVE-2026-42055), affects the NGINX ngx_http_proxy_v2_module and ngx_http_grpc_module modules. 

According to public reporting, this heap-based buffer overflow becomes reachable only under a specific non-default configuration: NGINX proxying HTTP/2 traffic via proxy_http_version 2 or grpc_pass, ignore_invalid_headers set to off, and large_client_header_buffers larger than 2 MB. Under those conditions, a remote, unauthenticated attacker can send oversized headers during upstream request creation, causing memory corruption in the NGINX worker process. This leads to denial-of-service and, where ASLR is disabled or can be bypassed, possible code execution. The affected versions are 1.31.1 and 1.30.0 through 1.30.2, with fixes in NGINX 1.31.2 and 1.30.3. Vendor advisory: K000161584 (https://my.f5.com/manage/s/article/K000161584). 

Check Point Statement Regarding NGINX Vulnerability CVE-2026-42055 

Following internal assessment and validation, Check Point confirms that Check Point WAF customers are fully protected against CVE-2026-42055 in the default configuration. 

By default, Check Point WAF limits the maximum header size to 100 KB, well below the 2 MB threshold required to trigger this vulnerability. Because oversized headers are required to reach the vulnerable code path, this limit alone prevents exploitation, independent of any other setting. The triggering configuration is also not enabled by default, as ignore_invalid_headers off is not used. 

As a result, all NGINX deployments integrated with Check Point WAF are protected by the default 100 KB header limit.

Updated images with the latest supported NGINX components will be released shortly as part of Check Point's ongoing security and software maintenance process. 
 
Check Point continuously monitors emerging vulnerabilities and security advisories as part of its ongoing product security and hardening processes. 

2 Replies
Evert_Kooter
Participant

Hi Vani,

I didn't try, but is it possible to increase the maximum header size to 2 MB or higher from the portal? We had to increase the max header size for some assets but not to that size.

Evert.

Vani
Employee

Evert,

The currently configured max header size can be easily checked here (and adjusted, if needed) for any given asset in the web UI:

[image: image (2).png]