PT-2026-27429 · Nginx+4 · Nginx Open Source+6
Publicado
2026-03-24
·
Atualizado
2026-06-22
·
CVE-2026-27651
CVSS v4.0
8.7
Alta
| Vetor | AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
NGINX Open Source (affected versions not specified)
NGINX Plus (affected versions not specified)
Description
When the
ngx mail auth http module module is enabled, certain undisclosed requests can lead to the termination of worker processes. This occurs when CRAM-MD5 or APOP authentication is enabled and the authentication server responds with the Auth-Wait header, allowing retries.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
DoS
NULL Pointer Dereference
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Linuxmint
Nginx Open Source
Nginx Plus
Nginx
Red Os
Rocky Linux
Ubuntu