FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

nginx -- multiple vulnerabilities

Affected packages
nginx < 1.30.3,3

Details

VuXML ID 46b654f8-6b28-11f1-b8e5-3497f65b111b
Discovery 2026-06-17
Entry 2026-06-17

The nginx developers report:

A heap memory buffer overflow vulnerability when using the "ignore_invalid_headers off;" and "large_client_header_buffers" directives with large configured values while proxying a specially crafted request to an HTTP/2 or gRPC backend may allow memory corruption or a segmentation fault in a worker process (CVE-2026-42055).

A heap memory buffer overread vulnerability while handling a specially crafted response with decoding from UTF-8 via the "charset_map" directive may allow limited disclosure of worker process memory or a segmentation fault in a worker process (CVE-2026-48142).

References

CVE Name CVE-2026-42055
CVE Name CVE-2026-48142
URL https://nginx.org/en/CHANGES
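
A configuration check for the directive combinations named in the report above, as an added example that is not part of the nginx report or of this VuXML entry. The function names, the sample configuration and the way an HTTP/2 or gRPC backend is recognised (`grpc_pass` or `proxy_http_version 2`) are assumptions made for illustration.

```python
import re

# Constructed sample in the style of `nginx -T` output (not from the advisory).
SAMPLE_CONF = """
http {
    ignore_invalid_headers off;   # first directive named for CVE-2026-42055
    large_client_header_buffers 8 64k;
    charset_map koi8-r utf-8 { }
    server {
        location /api { grpc_pass grpc://127.0.0.1:50051; }
    }
}
"""

def directives(conf):
    """Yield (name, args) per directive. Simplified tokenizer: strips
    comments, ignores quoting, does not track block scope."""
    for stmt in re.split(r"[;{}]", re.sub(r"#.*", "", conf)):
        words = stmt.split()
        if words:
            yield words[0], words[1:]

def audit(conf):
    """Map each CVE to the directives that match its stated preconditions."""
    seen = {}
    for name, args in directives(conf):
        seen.setdefault(name, []).append(args)
    findings = {}

    # CVE-2026-42055: both directives present plus an HTTP/2 or gRPC backend.
    # Assumption: such a backend is configured with grpc_pass or
    # "proxy_http_version 2". The advisory gives no size threshold, so the
    # configured buffer values are reported for the operator to judge.
    headers_off = ["off"] in seen.get("ignore_invalid_headers", [])
    buffers = seen.get("large_client_header_buffers", [])
    h2_backend = "grpc_pass" in seen or ["2"] in seen.get("proxy_http_version", [])
    if headers_off and buffers and h2_backend:
        findings["CVE-2026-42055"] = [" ".join(b) for b in buffers]

    # CVE-2026-48142: any charset_map with UTF-8 as one of its two charsets.
    maps = [m[:2] for m in seen.get("charset_map", [])
            if "utf-8" in (c.lower() for c in m[:2])]
    if maps:
        findings["CVE-2026-48142"] = [" ".join(m) for m in maps]
    return findings

if __name__ == "__main__":
    for cve, detail in audit(SAMPLE_CONF).items():
        print(cve, detail)
```

Run it on the output of `nginx -T` so that included files are expanded. Because block scope is not tracked, a finding means the directives coexist somewhere in the configuration, not necessarily in the same server block.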