CVE-2026-60005 is a vulnerability in NGINX Plus and NGINX Open Source affecting ngx_http_slice_module. Under configurations where the slice directive is used together with unnamed regular-expression captures, or during background cache update handling, a remote unauthenticated request can trigger uninitialized memory access in an NGINX worker process. The flaw is associated with slice processing and range-request handling in deployments built with ngx_http_slice_module enabled. Successful exploitation can result in limited disclosure of process memory contents or cause the affected worker process to restart. The issue is confined to the NGINX data plane; no control plane exposure has been identified. The module is not enabled by default and requires the --with-http_slice_module build option.
Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.
What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.
What an attacker gets, and what they’ve been doing with it.
If you can’t patch tonight, do this now.
Patch, then assume compromise.
No public exploits tracked yet. Mallory keeps watching.
No public exploit code observed for this vulnerability.
Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.
Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.
10 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
An uninitialized memory disclosure flaw in NGINX's ngx_http_slice_module that can allow limited data leakage or worker process restart under specific slice and regex capture conditions.
An uninitialized memory access vulnerability in the ngx_http_slice_module of NGINX Plus and NGINX Open Source that can be triggered remotely by unauthenticated attackers, potentially causing limited memory disclosure or restarting the NGINX worker process.
Уязвимость в nginx в модуле ngx_http_slice_module при использовании директивы slice, связанная с обработкой range-запросов.
Уязвимость в nginx в модуле ngx_http_slice_module, связанная с директивой slice и приводящая к чтению за пределами границ памяти.
Query your assets running an affected version, and investigate the blast radius.
Every observed campaign linking this CVE to a named adversary.
Malware families riding this exploit, with evidence and IOCs.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Cross-references every affected SKU, including bundled OEM variants.
Community discussion across Reddit, Mastodon, and other social sources.