CVE-2026-28753 (GCVE-0-2026-28753)
Vulnerability from cvelistv5 – Published: 2026-03-24 14:13 – Updated: 2026-03-24 15:24
VLAI
EPSS
Title
NGINX ngx_mail_proxy_module vulnerability
Summary
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_smtp_module module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to potential request manipulation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Reviewer notes: (1) the record's title and affected-module field name ngx_mail_proxy_module, while this description names ngx_mail_smtp_module — both are part of NGINX's mail proxy module set (ngx_mail_*), so treat any deployment that proxies SMTP through the `mail` context as in scope and reconcile the exact module against F5 article K000160367. (2) The precondition is a DNS server whose answers nginx consumes being under attacker control or spoofable (CVSS 4.0 records AT:P, attack requirements present); this is why the CNA scores it CVSS 3.1 3.7 (Low) and CVSS 4.0 6.3 (Medium) with integrity impact only, and why deployments whose resolver is reachable only over trusted, authenticated paths are at lower practical risk — confirm the exact lookup involved against the vendor advisory.
Severity (CNA: CVSS 3.1 base 3.7 Low, vector AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N; CVSS 4.0 base 6.3 Medium, vector AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://my.f5.com/manage/s/article/K000160367 | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| F5 | NGINX Open Source |
Affected:
1.29.0 , < 1.29.7
(semver)
Affected: 0.6.27 , < 1.28.3 (semver) |
|
| F5 | NGINX Plus |
Affected:
R36 , < R36 P3
(custom)
Affected: R35 , < R35 P2 (custom); Affected: R34 , < * (custom); Affected: R33 , < * (custom); Affected: R32 , < R32 P5 (custom). Note: for R33 and R34 the record lists no patched release (lessThan "*"), so remediation for those branches is to upgrade to R35 P2, R36 P3, or later. NVD's CPE list for this CVE enumerates R32 P1–P4 (not base R32), R33–R33 P3, R34–R34 P2, R35–R35 P1 and R36–R36 P2; reconcile with the F5 advisory before matching on version alone. |
Date Public
2026-03-24 14:00
Credits
Asim Viladi Oglu Manizada
Colin Warren
Xiao Liu (Yunnan University)
Yuan Tan (UC Riverside)
Bird Liu (Lanzhou University)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28753",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-24T15:24:28.689685Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-24T15:24:34.995Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"ngx_mail_proxy_module"
],
"product": "NGINX Open Source",
"vendor": "F5",
"versions": [
{
"lessThan": "1.29.7",
"status": "affected",
"version": "1.29.0",
"versionType": "semver"
},
{
"lessThan": "1.28.3",
"status": "affected",
"version": "0.6.27",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unknown",
"modules": [
"ngx_mail_proxy_module"
],
"product": "NGINX Plus",
"vendor": "F5",
"versions": [
{
"lessThan": "R36 P3",
"status": "affected",
"version": "R36",
"versionType": "custom"
},
{
"lessThan": "R35 P2",
"status": "affected",
"version": "R35",
"versionType": "custom"
},
{
"lessThan": "*",
"status": "affected",
"version": "R34",
"versionType": "custom"
},
{
"lessThan": "*",
"status": "affected",
"version": "R33",
"versionType": "custom"
},
{
"lessThan": "R32 P5",
"status": "affected",
"version": "R32",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Asim Viladi Oglu Manizada"
},
{
"lang": "en",
"type": "reporter",
"value": "Colin Warren"
},
{
"lang": "en",
"type": "reporter",
"value": "Xiao Liu (Yunnan University)"
},
{
"lang": "en",
"type": "reporter",
"value": "Yuan Tan (UC Riverside)"
},
{
"lang": "en",
"type": "reporter",
"value": "Bird Liu (Lanzhou University)"
}
],
"datePublic": "2026-03-24T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_smtp_module module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to potential request manipulation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
}
],
"value": "NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_smtp_module module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to potential request manipulation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-93",
"description": "CWE-93 Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-24T14:49:49.169Z",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://my.f5.com/manage/s/article/K000160367"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "NGINX ngx_mail_proxy_module vulnerability",
"x_generator": {
"engine": "F5 SIRTBot v1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2026-28753",
"datePublished": "2026-03-24T14:13:26.107Z",
"dateReserved": "2026-03-18T16:06:38.435Z",
"dateUpdated": "2026-03-24T15:24:34.995Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-28753",
"date": "2026-06-03",
"epss": "0.00031",
"percentile": "0.09246"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-28753\",\"sourceIdentifier\":\"f5sirt@f5.com\",\"published\":\"2026-03-24T15:16:33.560\",\"lastModified\":\"2026-03-26T21:15:24.053\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_smtp_module module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to potential request manipulation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\"},{\"lang\":\"es\",\"value\":\"NGINX Plus y NGINX Open Source tienen una vulnerabilidad en el m\u00f3dulo ngx_mail_smtp_module debido al manejo inadecuado de secuencias CRLF en las respuestas DNS. Esto permite a un servidor DNS controlado por el atacante inyectar encabezados arbitrarios en las solicitudes upstream SMTP, lo que lleva a una posible manipulaci\u00f3n de solicitudes. 
Nota: Las versiones de software que han alcanzado el Fin de Soporte T\u00e9cnico (EoTS) no son evaluadas.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"f5sirt@f5.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":6.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"LOW\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"f5sirt@f5.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":3.7,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexit
y\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"f5sirt@f5.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-93\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx_plus:r32:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA913184-EAAD-409E-99C6-AB979DAA93F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx_plus:r32:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"782DF180-1101-4D6A-A1D7-8DADBAF6D9D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx_plus:r32:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB0B11F2-4748-492B-9906-F8C4C5EAFF12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx_plus:r32:p4:*:*:*:*:*:*\",\"matchCriteriaId\":\"86B53968-1CCA-4CF3-8454-BB92EF64D10E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx_plus:r33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F58BD02-EA76-4F32-87D6-430026C8553E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx_plus:r33:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"46DC49B8-7286-4867-9CDA-1C1B469CD304\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx_plus:r33:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"43477C2E-7485-4146-B25C-F58D632CD85B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx_plus:r33:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A25B9CF-02C0-42DE-9C70-F2AD3ACE3CEB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx_plus:r34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"86358605-55F9-4F6F-846A-3F48738F6E05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx_plus:r34:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7453D683-FCA7-46EE-BE49-5FD9A01D7F87\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx_plus:r34:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"A977BF9F-D165-
4B93-B4D2-A177883A5E75\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx_plus:r35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C643CEF2-F421-4E2C-AD39-51CE820F2238\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx_plus:r35:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"4958360C-7993-4C82-8685-202D4940CE01\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx_plus:r36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"942CA349-3FF8-4B9D-B87E-FBA8930CE913\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx_plus:r36:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7993A0FB-BE7E-4634-BF7F-FDEE3582D3E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx_plus:r36:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"862EA47E-8D57-434E-9C8F-238325FB85B2\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx_open_source:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"0.6.27\",\"versionEndIncluding\":\"0.9.7\",\"matchCriteriaId\":\"DAFF8985-B90A-4E7F-8EB6-7DBD9779CEE6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx_open_source:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0.0\",\"versionEndExcluding\":\"1.28.3\",\"matchCriteriaId\":\"0E8049B1-4C36-4711-BB99-2721CF67FF81\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx_open_source:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.29.0\",\"versionEndExcluding\":\"1.29.7\",\"matchCriteriaId\":\"C0EFE28B-E8E5-464E-B407-96436CA87C8E\"}]}]}],\"references\":[{\"url\":\"https://my.f5.com/manage/s/article/K000160367\",\"source\":\"f5sirt@f5.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-28753\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-24T15:24:28.689685Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-24T15:24:31.847Z\"}}], \"cna\": {\"title\": \"NGINX ngx_mail_proxy_module vulnerability\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Asim Viladi Oglu Manizada\"}, {\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Colin Warren\"}, {\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Xiao Liu (Yunnan University)\"}, {\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Yuan Tan (UC Riverside)\"}, {\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Bird Liu (Lanzhou University)\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 3.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 6.3, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": 
\"NONE\", \"attackComplexity\": \"HIGH\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"LOW\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"F5\", \"modules\": [\"ngx_mail_proxy_module\"], \"product\": \"NGINX Open Source\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.29.0\", \"lessThan\": \"1.29.7\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"0.6.27\", \"lessThan\": \"1.28.3\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"F5\", \"modules\": [\"ngx_mail_proxy_module\"], \"product\": \"NGINX Plus\", \"versions\": [{\"status\": \"affected\", \"version\": \"R36\", \"lessThan\": \"R36 P3\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"R35\", \"lessThan\": \"R35 P2\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"R34\", \"lessThan\": \"*\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"R33\", \"lessThan\": \"*\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"R32\", \"lessThan\": \"R32 P5\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"datePublic\": \"2026-03-24T14:00:00.000Z\", \"references\": [{\"url\": \"https://my.f5.com/manage/s/article/K000160367\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"F5 SIRTBot v1.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_smtp_module module due to the improper handling of CRLF sequences in DNS responses. 
This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to potential request manipulation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_smtp_module module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to potential request manipulation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-93\", \"description\": \"CWE-93 Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"9dacffd4-cb11-413f-8451-fbbfd4ddc0ab\", \"shortName\": \"f5\", \"dateUpdated\": \"2026-03-24T14:49:49.169Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-28753\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-24T15:24:34.995Z\", \"dateReserved\": \"2026-03-18T16:06:38.435Z\", \"assignerOrgId\": \"9dacffd4-cb11-413f-8451-fbbfd4ddc0ab\", \"datePublished\": \"2026-03-24T14:13:26.107Z\", \"assignerShortName\": \"f5\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
SUSE-SU-2026:21823-1
Vulnerability from csaf_suse - Published: 2026-05-19 17:20 - Updated: 2026-05-19 17:20
Summary
Security update for nginx
Severity
Important
Notes
Title of the patch: Security update for nginx
Description of the patch: This update for nginx fixes the following issues:
- CVE-2026-1642: plain text data injection into the response from an upstream proxied server (bsc#1257675).
- CVE-2026-27654: buffer overflow in the NGINX worker process via the `ngx_http_dav_module module` (bsc#1260416).
- CVE-2026-27784: NGINX worker memory over-read or over-write via a specially crafted MP4 file (bsc#1260417).
- CVE-2026-28753: improper handling of CRLF sequences in DNS responses allows for arbitrary header injection into SMTP
upstream requests (bsc#1260418). Note: the fixed SUSE package (nginx-1.27.2-160000.3.1) retains the upstream 1.27.2 version string, which falls inside the CVE's affected range (0.6.27 ≤ v < 1.28.3); verify remediation by package release (160000.3.1 or later), not by upstream version number.
- CVE-2026-28755: TLS handshakes can succeed with revoked certificates due to improper handling of such certificates by
the `ngx_stream_ssl_module` module (bsc#1260419).
Patchnames: SUSE-SLES-16.0-790
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.9 (Medium)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nginx-source-1.27.2-160000.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nginx-source-1.27.2-160000.3.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
8.2 (High)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nginx-source-1.27.2-160000.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nginx-source-1.27.2-160000.3.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nginx-source-1.27.2-160000.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nginx-source-1.27.2-160000.3.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nginx-source-1.27.2-160000.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nginx-source-1.27.2-160000.3.1.noarch | — |
Vendor Fix
|
Threats
Impact
low
5.4 (Medium)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nginx-source-1.27.2-160000.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nginx-source-1.27.2-160000.3.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
References
24 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for nginx",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for nginx fixes the following issues:\n\n- CVE-2026-1642: plain text data injection into the response from an upstream proxied server (bsc#1257675).\n- CVE-2026-27654: buffer overflow in the NGINX worker process via the `ngx_http_dav_module module` (bsc#1260416).\n- CVE-2026-27784: NGINX worker memory over-read or over-write via a specially crafted MP4 file (bsc#1260417).\n- CVE-2026-28753: improper handling onf CRLF sequences in CRLF responses allows for arbitrary header injection into SMTP\n upstream requests (bsc#1260418).\n- CVE-2026-28755: TLS handshakes can succeed with revoked certificates due to improper handling of such certificates by\n the `ngx_stream_ssl_module` module (bsc#1260419).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLES-16.0-790",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_21823-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:21823-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202621823-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:21823-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-May/046790.html"
},
{
"category": "self",
"summary": "SUSE Bug 1257675",
"url": "https://bugzilla.suse.com/1257675"
},
{
"category": "self",
"summary": "SUSE Bug 1260416",
"url": "https://bugzilla.suse.com/1260416"
},
{
"category": "self",
"summary": "SUSE Bug 1260417",
"url": "https://bugzilla.suse.com/1260417"
},
{
"category": "self",
"summary": "SUSE Bug 1260418",
"url": "https://bugzilla.suse.com/1260418"
},
{
"category": "self",
"summary": "SUSE Bug 1260419",
"url": "https://bugzilla.suse.com/1260419"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-1642 page",
"url": "https://www.suse.com/security/cve/CVE-2026-1642/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27654 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27654/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27784 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27784/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-28753 page",
"url": "https://www.suse.com/security/cve/CVE-2026-28753/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-28755 page",
"url": "https://www.suse.com/security/cve/CVE-2026-28755/"
}
],
"title": "Security update for nginx",
"tracking": {
"current_release_date": "2026-05-19T17:20:21Z",
"generator": {
"date": "2026-05-19T17:20:21Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:21823-1",
"initial_release_date": "2026-05-19T17:20:21Z",
"revision_history": [
{
"date": "2026-05-19T17:20:21Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "nginx-1.27.2-160000.3.1.aarch64",
"product": {
"name": "nginx-1.27.2-160000.3.1.aarch64",
"product_id": "nginx-1.27.2-160000.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nginx-source-1.27.2-160000.3.1.noarch",
"product": {
"name": "nginx-source-1.27.2-160000.3.1.noarch",
"product_id": "nginx-source-1.27.2-160000.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nginx-1.27.2-160000.3.1.ppc64le",
"product": {
"name": "nginx-1.27.2-160000.3.1.ppc64le",
"product_id": "nginx-1.27.2-160000.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nginx-1.27.2-160000.3.1.s390x",
"product": {
"name": "nginx-1.27.2-160000.3.1.s390x",
"product_id": "nginx-1.27.2-160000.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nginx-1.27.2-160000.3.1.x86_64",
"product": {
"name": "nginx-1.27.2-160000.3.1.x86_64",
"product_id": "nginx-1.27.2-160000.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 16.0",
"product": {
"name": "SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product": {
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server-sap"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-1.27.2-160000.3.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.aarch64"
},
"product_reference": "nginx-1.27.2-160000.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-1.27.2-160000.3.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.ppc64le"
},
"product_reference": "nginx-1.27.2-160000.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-1.27.2-160000.3.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.s390x"
},
"product_reference": "nginx-1.27.2-160000.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-1.27.2-160000.3.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.x86_64"
},
"product_reference": "nginx-1.27.2-160000.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-source-1.27.2-160000.3.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:nginx-source-1.27.2-160000.3.1.noarch"
},
"product_reference": "nginx-source-1.27.2-160000.3.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-1.27.2-160000.3.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.aarch64"
},
"product_reference": "nginx-1.27.2-160000.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-1.27.2-160000.3.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.ppc64le"
},
"product_reference": "nginx-1.27.2-160000.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-1.27.2-160000.3.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.s390x"
},
"product_reference": "nginx-1.27.2-160000.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-1.27.2-160000.3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.x86_64"
},
"product_reference": "nginx-1.27.2-160000.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-source-1.27.2-160000.3.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:nginx-source-1.27.2-160000.3.1.noarch"
},
"product_reference": "nginx-source-1.27.2-160000.3.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-1642",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-1642"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-middle (MITM) position on the upstream server side, along with conditions beyond the attacker\u0027s control, may be able to inject plain text data into the response from an upstream proxied server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nginx-source-1.27.2-160000.3.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-source-1.27.2-160000.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-1642",
"url": "https://www.suse.com/security/cve/CVE-2026-1642"
},
{
"category": "external",
"summary": "SUSE Bug 1257675 for CVE-2026-1642",
"url": "https://bugzilla.suse.com/1257675"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nginx-source-1.27.2-160000.3.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-source-1.27.2-160000.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nginx-source-1.27.2-160000.3.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-source-1.27.2-160000.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-19T17:20:21Z",
"details": "moderate"
}
],
"title": "CVE-2026-1642"
},
{
"cve": "CVE-2026-27654",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27654"
}
],
"notes": [
{
"category": "general",
"text": "NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_dav_module module that might allow an attacker to trigger a buffer overflow to the NGINX worker process; this vulnerability may result in termination of the NGINX worker process or modification of source or destination file names outside the document root. This issue affects NGINX Open Source and NGINX Plus when the configuration file uses DAV module MOVE or COPY methods, prefix location (nonregular expression location configuration), and alias directives. The integrity impact is constrained because the NGINX worker process user has low privileges and does not have access to the entire system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nginx-source-1.27.2-160000.3.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-source-1.27.2-160000.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27654",
"url": "https://www.suse.com/security/cve/CVE-2026-27654"
},
{
"category": "external",
"summary": "SUSE Bug 1260416 for CVE-2026-27654",
"url": "https://bugzilla.suse.com/1260416"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nginx-source-1.27.2-160000.3.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-source-1.27.2-160000.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nginx-source-1.27.2-160000.3.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-source-1.27.2-160000.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-19T17:20:21Z",
"details": "important"
}
],
"title": "CVE-2026-27654"
},
{
"cve": "CVE-2026-27784",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27784"
}
],
"notes": [
{
"category": "general",
"text": "The 32-bit implementation of NGINX Open Source has a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to over-read or over-write NGINX worker memory resulting in its termination, using a specially crafted MP4 file. The issue only affects 32-bit NGINX Open Source if it is built with the ngx_http_mp4_module module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted MP4 file with the ngx_http_mp4_module module. \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nginx-source-1.27.2-160000.3.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-source-1.27.2-160000.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27784",
"url": "https://www.suse.com/security/cve/CVE-2026-27784"
},
{
"category": "external",
"summary": "SUSE Bug 1260417 for CVE-2026-27784",
"url": "https://bugzilla.suse.com/1260417"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nginx-source-1.27.2-160000.3.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-source-1.27.2-160000.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nginx-source-1.27.2-160000.3.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-source-1.27.2-160000.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-19T17:20:21Z",
"details": "important"
}
],
"title": "CVE-2026-27784"
},
{
"cve": "CVE-2026-28753",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-28753"
}
],
"notes": [
{
"category": "general",
"text": "NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_smtp_module module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to potential request manipulation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nginx-source-1.27.2-160000.3.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-source-1.27.2-160000.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-28753",
"url": "https://www.suse.com/security/cve/CVE-2026-28753"
},
{
"category": "external",
"summary": "SUSE Bug 1260418 for CVE-2026-28753",
"url": "https://bugzilla.suse.com/1260418"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nginx-source-1.27.2-160000.3.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-source-1.27.2-160000.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nginx-source-1.27.2-160000.3.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-source-1.27.2-160000.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-19T17:20:21Z",
"details": "low"
}
],
"title": "CVE-2026-28753"
},
{
"cve": "CVE-2026-28755",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-28755"
}
],
"notes": [
{
"category": "general",
"text": "NGINX Plus and NGINX Open Source have a vulnerability in the ngx_stream_ssl_module module due to the improper handling of revoked certificates when configured with the ssl_verify_client on and ssl_ocsp on directives, allowing the TLS handshake to succeed even after an OCSP check identifies the certificate as revoked. \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nginx-source-1.27.2-160000.3.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-source-1.27.2-160000.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-28755",
"url": "https://www.suse.com/security/cve/CVE-2026-28755"
},
{
"category": "external",
"summary": "SUSE Bug 1260419 for CVE-2026-28755",
"url": "https://bugzilla.suse.com/1260419"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nginx-source-1.27.2-160000.3.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-source-1.27.2-160000.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:nginx-1.27.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nginx-source-1.27.2-160000.3.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-1.27.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nginx-source-1.27.2-160000.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-19T17:20:21Z",
"details": "moderate"
}
],
"title": "CVE-2026-28755"
}
]
}
WID-SEC-W-2026-0860
Vulnerability from csaf_certbund - Published: 2026-03-24 23:00 - Updated: 2026-04-09 22:00
Summary
NGINX und NGINX Plus: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: NGINX Plus ist die kommerzielle Variante von NGINX, einer Webserver-, Reverse Proxy- und E-Mail Proxy Software.
NGINX ist eine Webserver-, Reverse Proxy- und E-Mail-Proxy Software.
Angriff: Ein Angreifer kann mehrere Schwachstellen in NGINX Plus und NGINX ausnutzen, um einen Denial of Service Angriff durchzuführen, um Daten zu manipulieren, um Sicherheitsvorkehrungen zu umgehen, und potenziell um beliebigen Programmcode auszuführen.
Betroffene Betriebssysteme: - Linux
- UNIX
- Windows
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| NGINX NGINX <1.29.7 (NGINX / NGINX) | <1.29.7 | | |
| NGINX NGINX <1.28.3 (NGINX / NGINX) | <1.28.3 | | |
| Red Hat Enterprise Linux (Red Hat) | cpe:/o:redhat:enterprise_linux:- | — | |
| SUSE openSUSE (SUSE) | cpe:/o:suse:opensuse:- | — | |
| NGINX NGINX Plus <R32 P5 (NGINX / NGINX Plus) | <R32 P5 | | |
| NGINX NGINX Plus <R36 P3 (NGINX / NGINX Plus) | <R36 P3 | | |
| NGINX NGINX Plus <R35 P2 (NGINX / NGINX Plus) | <R35 P2 | | |
| Oracle Linux (Oracle) | cpe:/o:oracle:linux:- | — | |
| RESF Rocky Linux (RESF) | cpe:/o:resf:rocky_linux:- | — | |
| Fedora Linux (Fedora) | cpe:/o:fedoraproject:fedora:- | — | |
References
29 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "NGINX Plus ist die kommerzielle Variante von NGINX, einer Webserver-, Reverse Proxy- und E-Mail Proxy Software.\r\nNGINX ist eine Webserver-, Reverse Proxy- und E-Mail-Proxy Software.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in NGINX Plus und NGINX ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren, um Daten zu manipulieren, um Sicherheitsvorkehrungen zu umgehen, und potenziell um beliebigen Programmcode auszuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0860 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0860.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0860 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0860"
},
{
"category": "external",
"summary": "EU Vulnerability Database vom 2026-03-24",
"url": "https://euvd.enisa.europa.eu/enisa/EUVD-2026-14880"
},
{
"category": "external",
"summary": "EU Vulnerability Database vom 2026-03-24",
"url": "https://euvd.enisa.europa.eu/enisa/EUVD-2026-14881"
},
{
"category": "external",
"summary": "EU Vulnerability Database vom 2026-03-24",
"url": "https://euvd.enisa.europa.eu/enisa/EUVD-2026-14883"
},
{
"category": "external",
"summary": "EU Vulnerability Database vom 2026-03-24",
"url": "https://euvd.enisa.europa.eu/enisa/EUVD-2026-14885"
},
{
"category": "external",
"summary": "EU Vulnerability Database vom 2026-03-24",
"url": "https://euvd.enisa.europa.eu/enisa/EUVD-2026-14887"
},
{
"category": "external",
"summary": "EU Vulnerability Database vom 2026-03-24",
"url": "https://euvd.enisa.europa.eu/enisa/EUVD-2026-14897"
},
{
"category": "external",
"summary": "F5 Security Advisory vom 2026-03-24",
"url": "https://my.f5.com/manage/s/article/K000160383"
},
{
"category": "external",
"summary": "F5 Security Advisory vom 2026-03-24",
"url": "https://my.f5.com/manage/s/article/K000160382"
},
{
"category": "external",
"summary": "F5 Security Advisory vom 2026-03-24",
"url": "https://my.f5.com/manage/s/article/K000160364"
},
{
"category": "external",
"summary": "F5 Security Advisory vom 2026-03-24",
"url": "https://my.f5.com/manage/s/article/K000160367"
},
{
"category": "external",
"summary": "F5 Security Advisory vom 2026-03-24",
"url": "https://my.f5.com/manage/s/article/K000160368"
},
{
"category": "external",
"summary": "F5 Security Advisory vom 2026-03-24",
"url": "https://my.f5.com/manage/s/article/K000160366"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-4DE4D247A0 vom 2026-03-25",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-4de4d247a0"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2026:10423-1 vom 2026-03-28",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XQVD3WMISNZQSD5MXTECPJHIO3LBJKQ7/"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-6906 vom 2026-04-08",
"url": "https://linux.oracle.com/errata/ELSA-2026-6906.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:6907 vom 2026-04-08",
"url": "https://access.redhat.com/errata/RHSA-2026:6907"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:6906 vom 2026-04-08",
"url": "https://access.redhat.com/errata/RHSA-2026:6906"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:6923 vom 2026-04-08",
"url": "https://errata.build.resf.org/RLSA-2026:6923"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:6923 vom 2026-04-08",
"url": "https://access.redhat.com/errata/RHSA-2026:6923"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:7002 vom 2026-04-08",
"url": "https://access.redhat.com/errata/RHSA-2026:7002"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-6923 vom 2026-04-08",
"url": "https://linux.oracle.com/errata/ELSA-2026-6923.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:6907 vom 2026-04-09",
"url": "https://errata.build.resf.org/RLSA-2026:6907"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:7343 vom 2026-04-09",
"url": "https://access.redhat.com/errata/RHSA-2026:7343"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-7002 vom 2026-04-09",
"url": "https://linux.oracle.com/errata/ELSA-2026-7002.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-6907 vom 2026-04-09",
"url": "https://linux.oracle.com/errata/ELSA-2026-6907.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:6906 vom 2026-04-09",
"url": "https://errata.build.resf.org/RLSA-2026:6906"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:7343 vom 2026-04-10",
"url": "https://errata.build.resf.org/RLSA-2026:7343"
}
],
"source_lang": "en-US",
"title": "NGINX und NGINX Plus: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-04-09T22:00:00.000+00:00",
"generator": {
"date": "2026-04-10T07:10:07.356+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-0860",
"initial_release_date": "2026-03-24T23:00:00.000+00:00",
"revision_history": [
{
"date": "2026-03-24T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-03-25T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2026-03-29T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2026-04-07T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Oracle Linux, Red Hat und Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2026-04-08T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Oracle Linux und Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2026-04-09T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat, Oracle Linux und Rocky Enterprise Software Foundation aufgenommen"
}
],
"status": "final",
"version": "6"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.29.7",
"product": {
"name": "NGINX NGINX \u003c1.29.7",
"product_id": "T052140"
}
},
{
"category": "product_version",
"name": "1.29.7",
"product": {
"name": "NGINX NGINX 1.29.7",
"product_id": "T052140-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nginx:nginx:1.29.7"
}
}
},
{
"category": "product_version_range",
"name": "\u003c1.28.3",
"product": {
"name": "NGINX NGINX \u003c1.28.3",
"product_id": "T052141"
}
},
{
"category": "product_version",
"name": "1.28.3",
"product": {
"name": "NGINX NGINX 1.28.3",
"product_id": "T052141-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nginx:nginx:1.28.3"
}
}
}
],
"category": "product_name",
"name": "NGINX"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cR36 P3",
"product": {
"name": "NGINX NGINX Plus \u003cR36 P3",
"product_id": "T052137"
}
},
{
"category": "product_version",
"name": "R36 P3",
"product": {
"name": "NGINX NGINX Plus R36 P3",
"product_id": "T052137-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nginx:nginx_plus:r36_p3"
}
}
},
{
"category": "product_version_range",
"name": "\u003cR35 P2",
"product": {
"name": "NGINX NGINX Plus \u003cR35 P2",
"product_id": "T052138"
}
},
{
"category": "product_version",
"name": "R35 P2",
"product": {
"name": "NGINX NGINX Plus R35 P2",
"product_id": "T052138-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nginx:nginx_plus:r35_p2"
}
}
},
{
"category": "product_version_range",
"name": "\u003cR32 P5",
"product": {
"name": "NGINX NGINX Plus \u003cR32 P5",
"product_id": "T052139"
}
},
{
"category": "product_version",
"name": "R32 P5",
"product": {
"name": "NGINX NGINX Plus R32 P5",
"product_id": "T052139-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nginx:nginx_plus:r32_p5"
}
}
}
],
"category": "product_name",
"name": "NGINX Plus"
}
],
"category": "vendor",
"name": "NGINX"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-27651",
"product_status": {
"known_affected": [
"T052140",
"T052141",
"67646",
"T027843",
"T052139",
"T052137",
"T052138",
"T004914",
"T032255",
"74185"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-27651"
},
{
"cve": "CVE-2026-27654",
"product_status": {
"known_affected": [
"T052140",
"T052141",
"67646",
"T027843",
"T052139",
"T052137",
"T052138",
"T004914",
"T032255",
"74185"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-27654"
},
{
"cve": "CVE-2026-27784",
"product_status": {
"known_affected": [
"T052140",
"T052141",
"67646",
"T027843",
"T052139",
"T052137",
"T052138",
"T004914",
"T032255",
"74185"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-27784"
},
{
"cve": "CVE-2026-32647",
"product_status": {
"known_affected": [
"T052140",
"T052141",
"67646",
"T027843",
"T052139",
"T052137",
"T052138",
"T004914",
"T032255",
"74185"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-32647"
},
{
"cve": "CVE-2026-28755",
"product_status": {
"known_affected": [
"T052140",
"T052141",
"67646",
"T027843",
"T052139",
"T052137",
"T052138",
"T004914",
"T032255",
"74185"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-28755"
},
{
"cve": "CVE-2026-28753",
"product_status": {
"known_affected": [
"T052140",
"T052141",
"67646",
"T027843",
"T052139",
"T052137",
"T052138",
"T004914",
"T032255",
"74185"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-28753"
}
]
}