PT-2026-27430 · Nginx · Nginx Plus
Published: 2026-03-24 · Updated: 2026-05-20 · CVE-2026-27654
CVSS v2.0: 8.5 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:C
Name of the Vulnerable Software and Affected Versions
NGINX Open Source and NGINX Plus (affected versions not specified)
Description
NGINX Open Source and NGINX Plus are affected by a buffer overflow in the ngx_http_dav_module module. Exploitation of this issue may allow a remote attacker to cause a denial of service or potentially modify file names outside the document root. The issue occurs when the configuration uses the DAV module's MOVE or COPY methods together with a prefix location and an alias directive. The impact on system integrity is limited by the low privileges of the NGINX worker process user. A proof-of-concept exploit has been discovered, and exploit reproduction is possible after patch release. The vulnerability is triggered by crafted DAV requests with a short Destination header under an alias/dav combination. The issue was discovered through AI-assisted research with human validation.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
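Until a fixed version is available, the configuration conditions named in the description (DAV MOVE or COPY enabled, a prefix location, an alias directive) can be audited directly. The following is an added example, not code from the advisory or from the NGINX project: a small Python scanner over a constructed nginx config sample that flags prefix locations combining alias with an effective MOVE or COPY DAV method, honouring dav_methods inheritance from enclosing blocks and `dav_methods off`. It assumes a plain config without `include` directives.

```python
import re
SAMPLE_CONF = """
http { server {                            # constructed sample, not from the advisory
    dav_methods PUT MOVE;                  # inherited by every location below
    location /uploads/ { alias /srv/data/uploads/; dav_methods PUT DELETE MOVE COPY; }
    location ~ ^/regex/ { alias /srv/regex/; dav_methods MOVE; }  # regex, not prefix
    location /safe/ { root /srv/www; dav_methods MOVE; }            # root, not alias
    location = /exact { alias /srv/exact/; dav_methods COPY; }     # exact match
    location /inherit/ { alias /srv/inherit/; }                     # MOVE inherited
    location /off/ { alias /srv/off/; dav_methods off; }            # DAV disabled
} }
"""
RISKY = {"MOVE", "COPY"}  # the DAV methods the advisory names
def tokenize(text):
    # Drop comments, then split into '{', '}', ';' and bare words.
    return re.findall(r"[{};]|[^\s{};]+", re.sub(r"#[^\n]*", "", text))

def parse(tokens, i=0):
    # Build a tree of (words, children) nodes; children is None for a simple directive.
    nodes, words = [], []
    while i < len(tokens) and tokens[i] != "}":
        tok, i = tokens[i], i + 1
        if tok == ";":
            nodes.append((words, None)); words = []
        elif tok == "{":
            children, i = parse(tokens, i)
            nodes.append((words, children)); words = []
        else:
            words.append(tok)
    return nodes, i + 1  # skip the closing brace

def walk(header, nodes, inherited, out):
    # dav_methods is inherited by nested blocks; alias applies only to its own location.
    directives = {w[0]: w[1:] for w, c in nodes if c is None and w}
    dav = inherited
    if "dav_methods" in directives:
        dav = frozenset(m.upper() for m in directives["dav_methods"]) - {"OFF"}
    if header and header[0] == "location":
        modifier = header[1] if len(header) == 3 else ""  # '' or '^~' is a prefix location
        if modifier in ("", "^~") and "alias" in directives and dav & RISKY:
            out.append((header[-1], sorted(dav & RISKY)))
    for words, children in nodes:
        if children is not None:
            walk(words, children, dav, out)

def find_risky_locations(conf_text):
    # Return [(uri, [methods])] for prefix locations combining alias with MOVE/COPY.
    out = []
    walk([], parse(tokenize(conf_text))[0], frozenset(), out)
    return out
```

Running `find_risky_locations(SAMPLE_CONF)` reports `/uploads/` and `/inherit/` only; the regex, exact-match, root-based and `dav_methods off` locations are not flagged.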
RCE
Heap Based Buffer Overflow
Affected Products
Linux Mint
Nginx Open Source
Nginx Plus
Nginx
RED OS
Rocky Linux
Ubuntu