F5 · Nginx Plus · CVE-2026-28753
**Name of the Vulnerable Software and Affected Versions**
NGINX Plus and NGINX Open Source (affected versions not specified)
**Description**
The software contains a flaw in the `ngx mail smtp module` module related to how it processes Carriage Return Line Feed (CRLF) sequences within DNS responses. An attacker controlling a DNS server could exploit this to inject custom headers into SMTP requests sent upstream, potentially manipulating those requests.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.