PT-2026-27431 · Nginx+4 · Nginx Open Source+5
Publicado
2026-03-24
·
Atualizado
2026-06-22
·
CVE-2026-27784
CVSS v3.1
7.8
Alta
| Vetor | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
NGINX Open Source (affected versions not specified)
Description
The 32-bit implementation of NGINX Open Source contains an issue within the
ngx http mp4 module module. This can allow an attacker to read from or write to NGINX worker memory, potentially causing the service to terminate. The issue requires a specially crafted MP4 file to be processed by the ngx http mp4 module module. This is only possible if the NGINX Open Source installation is 32-bit, built with the ngx http mp4 module module, and the mp4 directive is used in the configuration file.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
DoS
Integer Overflow
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Linuxmint
Nginx Open Source
Nginx
Red Os
Rocky Linux
Ubuntu