Wind River Support Network

HomeDefectsLIN1025-14654
Acknowledged

LIN1025-14654 : Security Advisory - nginx - CVE-2026-40460

Created: May 14, 2026    Updated: Jun 2, 2026
Found In Version: 10.25.33.2
Severity: Standard
Applicable for: Wind River Linux LTS 25
Component/s: Userspace

Description

When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address allowing for bypass of authorization or bypass of rate limiting.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
  • Linkedin
  • Facebook
  • Twitter
  • Youtube