CVE-2026-42530 is a critical NGINX HTTP/3 flaw where ASLR may affect exploitability, but not the urgency of fixing the bug itself.