NGINX through 1.18.0 allows an HTTP request smuggling attack that can lead to cache poisoning, credential hijacking, or security bypass.