CVE-2026-28753

Name of the Vulnerable Software and Affected Versions NGINX Plus and NGINX Open Source (affected versions not specified)

Description The software contains a flaw in the ngx mail smtp module module related to how it processes Carriage Return Line Feed (CRLF) sequences within DNS responses. An attacker controlling a DNS server could exploit this to inject custom headers into SMTP requests sent upstream, potentially manipulating those requests.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.