{"slug": "tell-hn-a-new-nginx-0-day-just-dropped", "title": "Tell HN: A new Nginx 0-day just dropped", "summary": "Nebula Security disclosed a new Nginx remote code execution 0-day affecting Fortune 500 companies. The vulnerability impacts Nginx Open Source versions 1.31.0 and 1.31.1 with HTTP/3 or QUIC enabled. Users are urged to upgrade to version 1.31.2 or disable QUIC immediately.", "body_md": "| ||||||||||||\n7 points by |\nWe (Nebula Security) just dropped a nginx remote code execution 0-day. This vulnerability affect dozens of fortune 500 companies and we disclosed to nginx team immediately. This 0-day is the third nginx bug that receives \"major\" rating since 2014. (\nTo check if your server is impacted: \n\n```\n  1. You are running NGINX Open Source v1.31.0 or v1.31.1\n\n  2. Your NGINX configuration enables HTTP/3 / QUIC\n```\n\n Immediate action:\n\n```\n  1. Upgrade NGINX to v1.31.2 or later\n  \n  2. If you cannot upgrade immediately, disable QUIC / HTTP/3 until you can patch\n```\n\n Shameless plug: this is the second nginx RCE 0-day we found in a month, using our security agent VEGA. (see our first nginx RCE at\nIn the meantime, if you are interesting in trying VEGA on your codebase, reach out at etenz@nebusec.ai. | |||||||||||\n|", "url": "https://wpnews.pro/news/tell-hn-a-new-nginx-0-day-just-dropped", "canonical_source": "https://news.ycombinator.com/item?id=48592738", "published_at": "2026-06-18 22:55:30+00:00", "updated_at": "2026-06-19 21:06:07.232997+00:00", "lang": "en", "topics": ["ai-safety", "ai-products", "ai-tools"], "entities": ["Nebula Security", "Nginx", "VEGA"], "alternates": {"html": "https://wpnews.pro/news/tell-hn-a-new-nginx-0-day-just-dropped", "markdown": "https://wpnews.pro/news/tell-hn-a-new-nginx-0-day-just-dropped.md", "text": "https://wpnews.pro/news/tell-hn-a-new-nginx-0-day-just-dropped.txt", "jsonld": "https://wpnews.pro/news/tell-hn-a-new-nginx-0-day-just-dropped.jsonld"}}