A vulnerability identified as critical has been detected in F5 NGINX Plus and NGINX Open Source. Affected by this vulnerability is an unknown functionality of the component Map Directive. Performing a manipulation results in heap-based buffer overflow.

This vulnerability is cataloged as CVE-2026-42533. It is possible to initiate the attack remotely. There is no exploit available.