PT-2026-27430 · Nginx+4 · Nginx Open Source+6
Bzimport
·
Published
2026-03-24
·
Updated
2026-07-06
·
CVE-2026-27654
CVSS v4.0
8.8
High
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
NGINX Open Source (affected versions not specified)
NGINX Plus (affected versions not specified)
Description
A heap-based buffer overflow exists in the
ngx http dav module module. This issue occurs when the configuration utilizes the DAV module MOVE or COPY methods in combination with prefix location (non-regular expression location configuration) and alias directives. A remote attacker can exploit this by sending a short Destination header, which may lead to the termination of the NGINX worker process, resulting in a Denial of Service (DoS), or allow the modification of source or destination file names outside the intended document root. The impact on integrity is limited as the NGINX worker process operates with low privileges.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
As a temporary workaround, restrict the use of the
MOVE and COPY methods within the ngx http dav module when used with prefix locations and alias directives.Exploit
DoS
RCE
Heap Based Buffer Overflow
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Linuxmint
Nginx Open Source
Nginx Plus
Nginx
Red Os
Rocky Linux
Ubuntu