PT-2026-27431 · Nginx+4 · Nginx Open Source+5

Publicado

2026-03-24

·

Atualizado

2026-06-22

·

CVE-2026-27784

CVSS v3.1

7.8

Alta

VetorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions NGINX Open Source (affected versions not specified)
Description The 32-bit implementation of NGINX Open Source contains an issue within the ngx http mp4 module module. This can allow an attacker to read from or write to NGINX worker memory, potentially causing the service to terminate. The issue requires a specially crafted MP4 file to be processed by the ngx http mp4 module module. This is only possible if the NGINX Open Source installation is 32-bit, built with the ngx http mp4 module module, and the mp4 directive is used in the configuration file.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Integer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

ALSA-2026:6906
ALSA-2026:6907
ALSA-2026:6923
ALSA-2026:7002
ALSA-2026:7343
BDU:2026-04818
BIT-NGINX-2026-27784
BIT-NGINX-GATEWAY-2026-27784
CVE-2026-27784
OPENSUSE-SU-2026:10423-1
OPENSUSE-SU-2026:20784-1
RHSA-2026:13680
RHSA-2026:13839
RHSA-2026:14836
RHSA-2026:6906
RHSA-2026:6907
RHSA-2026:6923
RHSA-2026:7002
RHSA-2026:7343
RHSA-2026:8346
SUSE-SU-2026:1761-1
SUSE-SU-2026:1953-1
SUSE-SU-2026:21823-1
USN-8210-1
USN-8375-1

Produtos afetados

Linuxmint
Nginx Open Source
Nginx
Red Os
Rocky Linux
Ubuntu