cve-2026-8711

CVE-2026-8711 is a high-severity vulnerability in NGINX JavaScript (njs) disclosed in May 2026. It allows an unauthenticated network attacker to crash NGINX worker processes when js_fetch_proxy uses client-controlled variables and JavaScript handlers call ngx.fetch(). The primary risk is denial of service, but under weaker platform conditions—especially where ASLR is disabled or bypassed—memory corruption may lead to remote code execution. For Windows users, this is relevant because modern Windows environments include reverse proxies, containers, WSL-adjacent tooling, and Azure services that rely on NGINX. The tag covers discussion of the vulnerability's impact on Windows-based NGINX deployments, mitigation strategies, and the importance of patching.