Overview
Barco is aware of the security vulnerabilities CVE‑2026‑42945 and CVE‑2026‑1642 related to NGINX and has assessed their potential impact on XMS Edge.
XMS Edge utilizes NGINX (as packaged with the XMS Edge platform). A detailed review was conducted to determine whether the NGINX version included in XMS Edge is affected and whether any exposure exists in supported deployment scenarios.
Current status
- Investigation completed
- Confirmed: The vulnerabilities affect the XMS Edge versions earlier than 2.19x
Timeline
Based on our internal assessment and planning, we have established the following timeline:
- Integration of the fix will begin the week of June 8, 2026.
- QA validation will follow immediately after integration.
- Hotfix deployment to update server is targeted for June 19, 2026 (subject to successful validation).
Recommended actions
Customers are advised to follow standard security best practices as a precaution:
- Ensure XMS Edge is running the latest supported release
- Restrict administrative and network access according to best practices
- Monitor system and access logs for unusual behavior
These recommendations are preventive measures while the hotfix is being prepared.
Next steps
Barco is working to release the hotfix as quickly as possible while maintaining quality and security standards.
- Installation instructions and release notes will be provided with the hotfix.
- Customers will be notified through standard communication channels.
For further assistance, please contact your Barco sales or support representative.
This article will be updated as additional information becomes available. We appreciate your understanding and partnership as we work to resolve this matter.
