Vulnerability-Lookup

SUSE-SU-2026:1761-1

Vulnerability from csaf_suse - Published: 2026-05-08 08:58 - Updated: 2026-05-08 08:58

Summary

Security update for nginx

Severity

Important

Notes

Title of the patch: Security update for nginx

Description of the patch: This update for nginx fixes the following issues: - CVE-2026-1642: plain text data injection into the response from an upstream proxied server via MITM attack (bsc#1257675). - CVE-2026-27654: buffer overflow in the NGINX worker process via the `ngx_http_dav_module` module (bsc#1260416). - CVE-2026-27784: NGINX worker memory overread or overwrite via a specially crafted MP4 file (bsc#1260417). - CVE-2026-28753: arbitrary header injection into SMTP upstream requests via attacker-controlled DNS server (bsc#1260418).

Patchnames: SUSE-2026-1761,SUSE-SLE-Module-Server-Applications-15-SP7-2026-1761,SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1761,SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1761

CVE-2026-1642

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2026-27654

8.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2026-27784

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2026-28753

3.7 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

References

URL

Category

	https://www.suse.com/support/security/rating/	external
	https://ftp.suse.com/pub/projects/security/csaf/s…	self
	https://www.suse.com/support/update/announcement/…	self
	https://lists.suse.com/pipermail/sle-security-upd…	self
	https://bugzilla.suse.com/1257675	self
	https://bugzilla.suse.com/1260416	self
	https://bugzilla.suse.com/1260417	self
	https://bugzilla.suse.com/1260418	self
	https://www.suse.com/security/cve/CVE-2026-1642/	self
	https://www.suse.com/security/cve/CVE-2026-27654/	self
	https://www.suse.com/security/cve/CVE-2026-27784/	self
	https://www.suse.com/security/cve/CVE-2026-28753/	self
	https://www.suse.com/security/cve/CVE-2026-1642	external
	https://bugzilla.suse.com/1257675	external
	https://www.suse.com/security/cve/CVE-2026-27654	external
	https://bugzilla.suse.com/1260416	external
	https://www.suse.com/security/cve/CVE-2026-27784	external
	https://bugzilla.suse.com/1260417	external
	https://www.suse.com/security/cve/CVE-2026-28753	external
	https://bugzilla.suse.com/1260418	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for nginx",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for nginx fixes the following issues:\n\n- CVE-2026-1642: plain text data injection into the response from an upstream proxied server via MITM attack\n  (bsc#1257675).\n- CVE-2026-27654: buffer overflow in the NGINX worker process via the `ngx_http_dav_module` module (bsc#1260416).\n- CVE-2026-27784: NGINX worker memory overread or overwrite via a specially crafted MP4 file (bsc#1260417).\n- CVE-2026-28753: arbitrary header injection into SMTP upstream requests via attacker-controlled DNS server\n  (bsc#1260418).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2026-1761,SUSE-SLE-Module-Server-Applications-15-SP7-2026-1761,SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1761,SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1761",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_1761-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2026:1761-1",
        "url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261761-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2026:1761-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/025945.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1257675",
        "url": "https://bugzilla.suse.com/1257675"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1260416",
        "url": "https://bugzilla.suse.com/1260416"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1260417",
        "url": "https://bugzilla.suse.com/1260417"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1260418",
        "url": "https://bugzilla.suse.com/1260418"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-1642 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-1642/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-27654 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-27654/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-27784 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-27784/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-28753 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-28753/"
      }
    ],
    "title": "Security update for nginx",
    "tracking": {
      "current_release_date": "2026-05-08T08:58:17Z",
      "generator": {
        "date": "2026-05-08T08:58:17Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2026:1761-1",
      "initial_release_date": "2026-05-08T08:58:17Z",
      "revision_history": [
        {
          "date": "2026-05-08T08:58:17Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nginx-1.21.5-150600.10.15.1.aarch64",
                "product": {
                  "name": "nginx-1.21.5-150600.10.15.1.aarch64",
                  "product_id": "nginx-1.21.5-150600.10.15.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nginx-1.21.5-150600.10.15.1.i586",
                "product": {
                  "name": "nginx-1.21.5-150600.10.15.1.i586",
                  "product_id": "nginx-1.21.5-150600.10.15.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nginx-source-1.21.5-150600.10.15.1.noarch",
                "product": {
                  "name": "nginx-source-1.21.5-150600.10.15.1.noarch",
                  "product_id": "nginx-source-1.21.5-150600.10.15.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nginx-1.21.5-150600.10.15.1.ppc64le",
                "product": {
                  "name": "nginx-1.21.5-150600.10.15.1.ppc64le",
                  "product_id": "nginx-1.21.5-150600.10.15.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nginx-1.21.5-150600.10.15.1.s390x",
                "product": {
                  "name": "nginx-1.21.5-150600.10.15.1.s390x",
                  "product_id": "nginx-1.21.5-150600.10.15.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nginx-1.21.5-150600.10.15.1.x86_64",
                "product": {
                  "name": "nginx-1.21.5-150600.10.15.1.x86_64",
                  "product_id": "nginx-1.21.5-150600.10.15.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Server Applications 15 SP7",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Server Applications 15 SP7",
                  "product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP7",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-server-applications:15:sp7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 15 SP6-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 15 SP6-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:15:sp6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:15:sp6"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nginx-1.21.5-150600.10.15.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.15.1.aarch64"
        },
        "product_reference": "nginx-1.21.5-150600.10.15.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nginx-1.21.5-150600.10.15.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.15.1.ppc64le"
        },
        "product_reference": "nginx-1.21.5-150600.10.15.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nginx-1.21.5-150600.10.15.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.15.1.s390x"
        },
        "product_reference": "nginx-1.21.5-150600.10.15.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nginx-1.21.5-150600.10.15.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.15.1.x86_64"
        },
        "product_reference": "nginx-1.21.5-150600.10.15.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nginx-source-1.21.5-150600.10.15.1.noarch as component of SUSE Linux Enterprise Module for Server Applications 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-source-1.21.5-150600.10.15.1.noarch"
        },
        "product_reference": "nginx-source-1.21.5-150600.10.15.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nginx-1.21.5-150600.10.15.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.15.1.aarch64"
        },
        "product_reference": "nginx-1.21.5-150600.10.15.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nginx-1.21.5-150600.10.15.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.15.1.ppc64le"
        },
        "product_reference": "nginx-1.21.5-150600.10.15.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nginx-1.21.5-150600.10.15.1.s390x as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.15.1.s390x"
        },
        "product_reference": "nginx-1.21.5-150600.10.15.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nginx-1.21.5-150600.10.15.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.15.1.x86_64"
        },
        "product_reference": "nginx-1.21.5-150600.10.15.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nginx-source-1.21.5-150600.10.15.1.noarch as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-source-1.21.5-150600.10.15.1.noarch"
        },
        "product_reference": "nginx-source-1.21.5-150600.10.15.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nginx-1.21.5-150600.10.15.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.15.1.ppc64le"
        },
        "product_reference": "nginx-1.21.5-150600.10.15.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nginx-1.21.5-150600.10.15.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.15.1.x86_64"
        },
        "product_reference": "nginx-1.21.5-150600.10.15.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nginx-source-1.21.5-150600.10.15.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-source-1.21.5-150600.10.15.1.noarch"
        },
        "product_reference": "nginx-source-1.21.5-150600.10.15.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-1642",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-1642"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-middle (MITM) position on the upstream server side-along with conditions beyond the attacker\u0027s control-may be able to inject plain text data into the response from an upstream proxied server.    Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.15.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.15.1.ppc64le",
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.15.1.s390x",
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.15.1.x86_64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-source-1.21.5-150600.10.15.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.15.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.15.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.15.1.s390x",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.15.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-source-1.21.5-150600.10.15.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.15.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.15.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-source-1.21.5-150600.10.15.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-1642",
          "url": "https://www.suse.com/security/cve/CVE-2026-1642"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1257675 for CVE-2026-1642",
          "url": "https://bugzilla.suse.com/1257675"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.15.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.15.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.15.1.s390x",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.15.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-source-1.21.5-150600.10.15.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.15.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.15.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.15.1.s390x",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.15.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-source-1.21.5-150600.10.15.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.15.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.15.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-source-1.21.5-150600.10.15.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.15.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.15.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.15.1.s390x",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.15.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-source-1.21.5-150600.10.15.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.15.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.15.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.15.1.s390x",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.15.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-source-1.21.5-150600.10.15.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.15.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.15.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-source-1.21.5-150600.10.15.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-08T08:58:17Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-1642"
    },
    {
      "cve": "CVE-2026-27654",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-27654"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_dav_module module that might allow an attacker to trigger a buffer overflow to the NGINX worker process; this vulnerability may result in termination of the NGINX worker process or modification of source or destination file names outside the document root. This issue affects NGINX Open Source and NGINX Plus when the configuration file uses DAV module MOVE or COPY methods, prefix location (nonregular expression location configuration), and alias directives. The integrity impact is constrained because the NGINX worker process user has low privileges and does not have access to the entire system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.15.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.15.1.ppc64le",
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.15.1.s390x",
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.15.1.x86_64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-source-1.21.5-150600.10.15.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.15.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.15.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.15.1.s390x",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.15.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-source-1.21.5-150600.10.15.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.15.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.15.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-source-1.21.5-150600.10.15.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-27654",
          "url": "https://www.suse.com/security/cve/CVE-2026-27654"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260416 for CVE-2026-27654",
          "url": "https://bugzilla.suse.com/1260416"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.15.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.15.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.15.1.s390x",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.15.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-source-1.21.5-150600.10.15.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.15.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.15.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.15.1.s390x",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.15.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-source-1.21.5-150600.10.15.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.15.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.15.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-source-1.21.5-150600.10.15.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.15.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.15.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.15.1.s390x",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.15.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-source-1.21.5-150600.10.15.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.15.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.15.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.15.1.s390x",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.15.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-source-1.21.5-150600.10.15.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.15.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.15.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-source-1.21.5-150600.10.15.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-08T08:58:17Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-27654"
    },
    {
      "cve": "CVE-2026-27784",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-27784"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The 32-bit implementation of NGINX Open Source has a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to over-read or over-write NGINX worker memory resulting in its termination, using a specially crafted MP4 file. The issue only affects 32-bit NGINX Open Source if it is built with the ngx_http_mp4_module module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted MP4 file with the ngx_http_mp4_module module. \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.15.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.15.1.ppc64le",
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.15.1.s390x",
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.15.1.x86_64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-source-1.21.5-150600.10.15.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.15.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.15.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.15.1.s390x",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.15.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-source-1.21.5-150600.10.15.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.15.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.15.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-source-1.21.5-150600.10.15.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-27784",
          "url": "https://www.suse.com/security/cve/CVE-2026-27784"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260417 for CVE-2026-27784",
          "url": "https://bugzilla.suse.com/1260417"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.15.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.15.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.15.1.s390x",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.15.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-source-1.21.5-150600.10.15.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.15.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.15.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.15.1.s390x",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.15.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-source-1.21.5-150600.10.15.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.15.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.15.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-source-1.21.5-150600.10.15.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.15.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.15.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.15.1.s390x",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.15.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-source-1.21.5-150600.10.15.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.15.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.15.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.15.1.s390x",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.15.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-source-1.21.5-150600.10.15.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.15.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.15.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-source-1.21.5-150600.10.15.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-08T08:58:17Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-27784"
    },
    {
      "cve": "CVE-2026-28753",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-28753"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_smtp_module module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to potential request manipulation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.15.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.15.1.ppc64le",
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.15.1.s390x",
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.15.1.x86_64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-source-1.21.5-150600.10.15.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.15.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.15.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.15.1.s390x",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.15.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-source-1.21.5-150600.10.15.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.15.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.15.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-source-1.21.5-150600.10.15.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-28753",
          "url": "https://www.suse.com/security/cve/CVE-2026-28753"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260418 for CVE-2026-28753",
          "url": "https://bugzilla.suse.com/1260418"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.15.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.15.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.15.1.s390x",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.15.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-source-1.21.5-150600.10.15.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.15.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.15.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.15.1.s390x",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.15.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-source-1.21.5-150600.10.15.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.15.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.15.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-source-1.21.5-150600.10.15.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.15.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.15.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.15.1.s390x",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.15.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-source-1.21.5-150600.10.15.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.15.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.15.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.15.1.s390x",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.15.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-source-1.21.5-150600.10.15.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.15.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.15.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-source-1.21.5-150600.10.15.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-08T08:58:17Z",
          "details": "low"
        }
      ],
      "title": "CVE-2026-28753"
    }
  ]
}

CVE-2026-27654 (GCVE-0-2026-27654)

Vulnerability from cvelistv5 – Published: 2026-03-24 14:13 – Updated: 2026-03-24 15:15

Title

NGINX ngx_http_dav_module vulnerability

Summary

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_dav_module module that might allow an attacker to trigger a buffer overflow to the NGINX worker process; this vulnerability may result in termination of the NGINX worker process or modification of source or destination file names outside the document root. This issue affects NGINX Open Source and NGINX Plus when the configuration file uses DAV module MOVE or COPY methods, prefix location (nonregular expression location configuration), and alias directives. The integrity impact is constrained because the NGINX worker process user has low privileges and does not have access to the entire system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Severity ?

8.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

8.8 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N

CWE

CWE-122 - Heap-based Buffer Overflow

Assigner

References

URL

Tags

https://my.f5.com/manage/s/article/K000160382

vendor-advisory

Impacted products

Vendor

Product

Version

NGINX Open Source

Affected: 1.29.0 , < 1.29.7 (semver)
Affected: 0.5.13 , < 1.28.3 (semver)

NGINX Plus

Affected: R36 , < R36 P3 (custom)
Affected: R35 , < R35 P2 (custom)
Affected: R34 , < * (custom)
Affected: R33 , < * (custom)
Affected: R32 , < R32 P5 (custom)

Date Public ?

2026-03-24 14:00

Credits

F5 acknowledges Calif.io in collaboration with Claude and Anthropic Research for bringing this issue to our attention and following the highest standards of coordinated disclosure.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-27654",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-24T15:14:50.235649Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-24T15:15:00.495Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "modules": [
            "ngx_http_dav_module"
          ],
          "product": "NGINX Open Source",
          "vendor": "F5",
          "versions": [
            {
              "lessThan": "1.29.7",
              "status": "affected",
              "version": "1.29.0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.28.3",
              "status": "affected",
              "version": "0.5.13",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "modules": [
            "ngx_http_dav_module"
          ],
          "product": "NGINX Plus",
          "vendor": "F5",
          "versions": [
            {
              "lessThan": "R36 P3",
              "status": "affected",
              "version": "R36",
              "versionType": "custom"
            },
            {
              "lessThan": "R35 P2",
              "status": "affected",
              "version": "R35",
              "versionType": "custom"
            },
            {
              "lessThan": "*",
              "status": "affected",
              "version": "R34",
              "versionType": "custom"
            },
            {
              "lessThan": "*",
              "status": "affected",
              "version": "R33",
              "versionType": "custom"
            },
            {
              "lessThan": "R32 P5",
              "status": "affected",
              "version": "R32",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "F5 acknowledges Calif.io in collaboration with Claude and Anthropic Research for bringing this issue to our attention and following the highest standards of coordinated disclosure."
        }
      ],
      "datePublic": "2026-03-24T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_dav_module module that might allow an attacker to trigger a buffer overflow to the NGINX worker process; this vulnerability may result in termination of the NGINX worker process or modification of source or destination file names outside the document root. This issue affects NGINX Open Source and NGINX Plus when the configuration file uses DAV module MOVE or COPY methods, prefix location (nonregular expression location configuration), and alias directives. The integrity impact is constrained because the NGINX worker process user has low privileges and does not have access to the entire system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "value": "NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_dav_module module that might allow an attacker to trigger a buffer overflow to the NGINX worker process; this vulnerability may result in termination of the NGINX worker process or modification of source or destination file names outside the document root. This issue affects NGINX Open Source and NGINX Plus when the configuration file uses DAV module MOVE or COPY methods, prefix location (nonregular expression location configuration), and alias directives. The integrity impact is constrained because the NGINX worker process user has low privileges and does not have access to the entire system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-24T14:32:07.177Z",
        "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "shortName": "f5"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://my.f5.com/manage/s/article/K000160382"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "NGINX ngx_http_dav_module vulnerability",
      "x_generator": {
        "engine": "F5 SIRTBot v1.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
    "assignerShortName": "f5",
    "cveId": "CVE-2026-27654",
    "datePublished": "2026-03-24T14:13:26.879Z",
    "dateReserved": "2026-03-18T16:06:38.448Z",
    "dateUpdated": "2026-03-24T15:15:00.495Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-28753 (GCVE-0-2026-28753)

Vulnerability from cvelistv5 – Published: 2026-03-24 14:13 – Updated: 2026-03-24 15:24

Title

NGINX ngx_mail_proxy_module vulnerability

Summary

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_smtp_module module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to potential request manipulation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Severity ?

3.7 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

6.3 (Medium)


                        
                          CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

CWE

CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')

Assigner

References

URL

Tags

https://my.f5.com/manage/s/article/K000160367

vendor-advisory

Impacted products

Vendor

Product

Version

NGINX Open Source

Affected: 1.29.0 , < 1.29.7 (semver)
Affected: 0.6.27 , < 1.28.3 (semver)

NGINX Plus

Affected: R36 , < R36 P3 (custom)
Affected: R35 , < R35 P2 (custom)
Affected: R34 , < * (custom)
Affected: R33 , < * (custom)
Affected: R32 , < R32 P5 (custom)

Date Public ?

2026-03-24 14:00

Credits

Asim Viladi Oglu Manizada Colin Warren Xiao Liu (Yunnan University) Yuan Tan (UC Riverside) Bird Liu (Lanzhou University)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-28753",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-24T15:24:28.689685Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-24T15:24:34.995Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "modules": [
            "ngx_mail_proxy_module"
          ],
          "product": "NGINX Open Source",
          "vendor": "F5",
          "versions": [
            {
              "lessThan": "1.29.7",
              "status": "affected",
              "version": "1.29.0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.28.3",
              "status": "affected",
              "version": "0.6.27",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "modules": [
            "ngx_mail_proxy_module"
          ],
          "product": "NGINX Plus",
          "vendor": "F5",
          "versions": [
            {
              "lessThan": "R36 P3",
              "status": "affected",
              "version": "R36",
              "versionType": "custom"
            },
            {
              "lessThan": "R35 P2",
              "status": "affected",
              "version": "R35",
              "versionType": "custom"
            },
            {
              "lessThan": "*",
              "status": "affected",
              "version": "R34",
              "versionType": "custom"
            },
            {
              "lessThan": "*",
              "status": "affected",
              "version": "R33",
              "versionType": "custom"
            },
            {
              "lessThan": "R32 P5",
              "status": "affected",
              "version": "R32",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Asim Viladi Oglu Manizada"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "Colin Warren"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "Xiao Liu (Yunnan University)"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "Yuan Tan (UC Riverside)"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "Bird Liu (Lanzhou University)"
        }
      ],
      "datePublic": "2026-03-24T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_smtp_module module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to potential request manipulation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "value": "NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_smtp_module module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to potential request manipulation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-93",
              "description": "CWE-93 Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-24T14:49:49.169Z",
        "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "shortName": "f5"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://my.f5.com/manage/s/article/K000160367"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "NGINX ngx_mail_proxy_module vulnerability",
      "x_generator": {
        "engine": "F5 SIRTBot v1.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
    "assignerShortName": "f5",
    "cveId": "CVE-2026-28753",
    "datePublished": "2026-03-24T14:13:26.107Z",
    "dateReserved": "2026-03-18T16:06:38.435Z",
    "dateUpdated": "2026-03-24T15:24:34.995Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-27784 (GCVE-0-2026-27784)

Vulnerability from cvelistv5 – Published: 2026-03-24 14:13 – Updated: 2026-03-25 14:09

Title

NGINX ngx_http_mp4_module vulnerability

Summary

The 32-bit implementation of NGINX Open Source has a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to over-read or over-write NGINX worker memory resulting in its termination, using a specially crafted MP4 file. The issue only affects 32-bit NGINX Open Source if it is built with the ngx_http_mp4_module module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted MP4 file with the ngx_http_mp4_module module. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.5 (High)


                        
                          CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CWE

CWE-190 - Integer Overflow or Wraparound

Assigner

References

URL

Tags

https://my.f5.com/manage/s/article/K000160364

vendor-advisory

Impacted products

	Vendor	Product	Version
	F5	NGINX Open Source	Affected: 1.29.0 , < 1.29.7 (semver) Affected: 1.1.19 , < 1.28.3 (semver)

Date Public ?

2026-03-24 14:00

Credits

F5 acknowledges Prabhav Srinath (sprabhav7) for bringing this issue to our attention and following the highest standards of coordinated disclosure.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-27784",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-25T03:55:53.601160Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-25T14:09:53.726Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "modules": [
            "ngx_http_mp4_module"
          ],
          "product": "NGINX Open Source",
          "vendor": "F5",
          "versions": [
            {
              "lessThan": "1.29.7",
              "status": "affected",
              "version": "1.29.0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.28.3",
              "status": "affected",
              "version": "1.1.19",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "F5 acknowledges Prabhav Srinath (sprabhav7) for bringing this issue to our attention and following the highest standards of coordinated disclosure."
        }
      ],
      "datePublic": "2026-03-24T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The 32-bit implementation of NGINX Open Source has a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to over-read or over-write NGINX worker memory resulting in its termination, using a specially crafted MP4 file. The issue only affects 32-bit NGINX Open Source if it is built with the ngx_http_mp4_module module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted MP4 file with the ngx_http_mp4_module module. \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "value": "The 32-bit implementation of NGINX Open Source has a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to over-read or over-write NGINX worker memory resulting in its termination, using a specially crafted MP4 file. The issue only affects 32-bit NGINX Open Source if it is built with the ngx_http_mp4_module module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted MP4 file with the ngx_http_mp4_module module. \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190 Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-24T14:36:46.530Z",
        "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "shortName": "f5"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://my.f5.com/manage/s/article/K000160364"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "NGINX ngx_http_mp4_module vulnerability",
      "x_generator": {
        "engine": "F5 SIRTBot v1.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
    "assignerShortName": "f5",
    "cveId": "CVE-2026-27784",
    "datePublished": "2026-03-24T14:13:25.343Z",
    "dateReserved": "2026-03-18T16:06:38.416Z",
    "dateUpdated": "2026-03-25T14:09:53.726Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-1642 (GCVE-0-2026-1642)

Vulnerability from cvelistv5 – Published: 2026-02-04 15:02 – Updated: 2026-02-05 05:25

Title

NGINX vulnerability

Summary

A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-middle (MITM) position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data into the response from an upstream proxied server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Severity ?

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

8.2 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

CWE

CWE-349 - Acceptance of Extraneous Untrusted Data With Trusted Data

Assigner

References

URL

Tags

https://my.f5.com/manage/s/article/K000159824

vendor-advisory

Impacted products

Vendor

Product

Version

NGINX Open Source

Affected: 1.3.0 , < 1.29.5 (semver)

NGINX Plus

Affected: R36 , < R36 P2 (custom)
Affected: R35 , < R35 P1 (custom)
Affected: R34 , < * (custom)
Affected: R33 , < * (custom)
Affected: R32 , < R32 P4 (custom)

Date Public ?

2026-02-04 15:00

Credits

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-1642",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-04T16:01:47.913148Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-04T16:02:24.781Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2026-02-05T05:25:39.303Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/02/05/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "NGINX Open Source",
          "vendor": "F5",
          "versions": [
            {
              "changes": [
                {
                  "at": "1.28.2",
                  "status": "unaffected"
                }
              ],
              "lessThan": "1.29.5",
              "status": "affected",
              "version": "1.3.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "NGINX Plus",
          "vendor": "F5",
          "versions": [
            {
              "lessThan": "R36 P2",
              "status": "affected",
              "version": "R36",
              "versionType": "custom"
            },
            {
              "lessThan": "R35 P1",
              "status": "affected",
              "version": "R35",
              "versionType": "custom"
            },
            {
              "lessThan": "*",
              "status": "affected",
              "version": "R34",
              "versionType": "custom"
            },
            {
              "lessThan": "*",
              "status": "affected",
              "version": "R33",
              "versionType": "custom"
            },
            {
              "lessThan": "R32 P4",
              "status": "affected",
              "version": "R32",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "F5"
        }
      ],
      "datePublic": "2026-02-04T15:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-middle (MITM) position on the upstream server side\u2014along with conditions beyond the attacker\u0027s control\u2014may be able to inject plain text data into the response from an upstream proxied server.\u0026nbsp;\u0026nbsp;\u003c/span\u003e\u003c/span\u003eNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-middle (MITM) position on the upstream server side\u2014along with conditions beyond the attacker\u0027s control\u2014may be able to inject plain text data into the response from an upstream proxied server.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-349",
              "description": "CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-04T15:02:06.154Z",
        "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "shortName": "f5"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://my.f5.com/manage/s/article/K000159824"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "NGINX vulnerability",
      "x_generator": {
        "engine": "F5 SIRTBot v1.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
    "assignerShortName": "f5",
    "cveId": "CVE-2026-1642",
    "datePublished": "2026-02-04T15:02:06.154Z",
    "dateReserved": "2026-01-29T18:26:26.996Z",
    "dateUpdated": "2026-02-05T05:25:39.303Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

SUSE-SU-2026:1761-1

CVE-2026-27654 (GCVE-0-2026-27654)

CVE-2026-28753 (GCVE-0-2026-28753)

CVE-2026-27784 (GCVE-0-2026-27784)

CVE-2026-1642 (GCVE-0-2026-1642)

Tags

Sightings

Nomenclature