PT-2026-27429 · Nginx+4 · Nginx Open Source+6

Publicado

2026-03-24

·

Atualizado

2026-06-22

·

CVE-2026-27651

CVSS v4.0

8.7

Alta

VetorAV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions NGINX Open Source (affected versions not specified) NGINX Plus (affected versions not specified)
Description When the ngx mail auth http module module is enabled, certain undisclosed requests can lead to the termination of worker processes. This occurs when CRAM-MD5 or APOP authentication is enabled and the authentication server responds with the Auth-Wait header, allowing retries.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

NULL Pointer Dereference

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

ALSA-2026:6906
ALSA-2026:6907
ALSA-2026:6923
ALSA-2026:7002
ALSA-2026:7343
BDU:2026-04820
BIT-NGINX-2026-27651
BIT-NGINX-GATEWAY-2026-27651
CVE-2026-27651
OPENSUSE-SU-2026:10423-1
OPENSUSE-SU-2026:20796-1
RHSA-2026:13634
RHSA-2026:13680
RHSA-2026:13839
RHSA-2026:14836
RHSA-2026:15942
RHSA-2026:15943
RHSA-2026:15945
RHSA-2026:15966
RHSA-2026:6906
RHSA-2026:6907
RHSA-2026:6923
RHSA-2026:7002
RHSA-2026:7343
RHSA-2026:8346
SUSE-SU-2026:2050-1
SUSE-SU-2026:21832-1
SUSE-SU-2026:2370-1
USN-8210-1
USN-8375-1

Produtos afetados

Linuxmint
Nginx Open Source
Nginx Plus
Nginx
Red Os
Rocky Linux
Ubuntu