StackPatch is liveSee product

Back to CVE digest
Ubuntu USN · USN-8425-1

njs vulnerability

Published: Thu, 11 Jun 2026 20:54

CVE-2026-8711

Summary

njs could be made to crash or run programs if it received a specially crafted input.

Details

It was discovered that njs did not properly handle certain client- controlled variables when processing ngx.fetch() requests. An attacker could possibly use this issue to trigger a heap buffer overflow, resulting in arbitrary code execution or a denial of service.

Recommended actions per Ubuntu release

StackPatch playbook auto-generated per release codename and per affected package.

Ubuntu resolute

  • libnginx-mod-js0.9.4-1ubuntu0.1~esm1apt_upgrade_esm

    Fixed at 0.9.4-1ubuntu0.1~esm1 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.

    sudo pro attach <token>
sudo apt-get update
sudo apt-get install --only-upgrade -y libnginx-mod-js=0.9.4-1ubuntu0.1~esm1

    Sign up at https://ubuntu.com/pro. Free for personal + small-team use.

  • libnginx-mod-http-js0.9.4-1ubuntu0.1~esm1apt_upgrade_esm

    Fixed at 0.9.4-1ubuntu0.1~esm1 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.

    sudo pro attach <token>
sudo apt-get update
sudo apt-get install --only-upgrade -y libnginx-mod-http-js=0.9.4-1ubuntu0.1~esm1

    Sign up at https://ubuntu.com/pro. Free for personal + small-team use.

  • libnginx-mod-stream-js0.9.4-1ubuntu0.1~esm1apt_upgrade_esm

    Fixed at 0.9.4-1ubuntu0.1~esm1 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.

    sudo pro attach <token>
sudo apt-get update
sudo apt-get install --only-upgrade -y libnginx-mod-stream-js=0.9.4-1ubuntu0.1~esm1

    Sign up at https://ubuntu.com/pro. Free for personal + small-team use.

  • njs0.9.4-1ubuntu0.1~esm1apt_upgrade_esm

    Fixed at 0.9.4-1ubuntu0.1~esm1 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.

    sudo pro attach <token>
sudo apt-get update
sudo apt-get install --only-upgrade -y njs=0.9.4-1ubuntu0.1~esm1

    Sign up at https://ubuntu.com/pro. Free for personal + small-team use.

Are YOU affected by USN-8425-1?

5-second check on your actual server. Reads /etc/os-release, uname -r, and dpkg-query; matches against the live USN + Debian Security Tracker feeds; tells you whether USN-8425-1 (and any other live CVE) applies. Anonymous, no signup.

curl https://mindsparkstack.com/scan.sh | bash
Form-based quickscan Read the bash source first
Want this automated for your servers?

StackPatch runs this match against YOUR installed packages every hour

Free (3 servers) / from $9/mo (14-day free trial) / Solo $9/mo / Pro $29/mo / Team $79/mo. Indie pricing.

Start free trial →See StackPatch →Live audit log →