CVE-2026-27784

High CVSS: 8.5

The 32-bit implementation of NGINX Open Source has a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to over-read or over-write NGINX worker memory resulting in its termination, using a specially crafted MP4 file. The issue only affects 32-bit NGINX Open Source if it is built with the ngx_http_mp4_module module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted MP4 file with the ngx_http_mp4_module module.

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Vendor

Product

Nginx Open Source

CWE

CWE-190

Yayın Tarihi

2026-03-24 15:16:33

Güncelleme

2026-03-30 13:59:42

Source Identifier

f5sirt@f5.com

KEV Date Added

Kategoriler

CWE-190 Nginx Open Source HIGH F5 2026

Referanslar

https://my.f5.com/manage/s/article/K000160364

Benzer Kayıtlar

High

CVE-2026-32647

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module module, which might allow an attacker t…

High

CVE-2026-27654

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_dav_module module that might allow an attacker to…

Medium

CVE-2026-28753

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_smtp_module module due to the improper handling of…

Medium

CVE-2026-28755

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_stream_ssl_module module due to the improper handling o…

High

CVE-2026-27651

When the ngx_mail_auth_http_module module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause…

Medium

CVE-2026-22549

A vulnerability exists in F5 BIG-IP Container Ingress Services that may allow excessive permissions to read cluster secr…