PT-2026-27433 · Nginx+1 · Nginx Open Source+1
Mufeed Vh · Published 2026-03-24 · Updated 2026-03-24
CVE-2026-28755
CVSS v3.1: 5.4 Medium (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)
Name of the Vulnerable Software and Affected Versions
NGINX Plus and NGINX Open Source (affected versions not specified)
Description
The software contains an issue in the ngx_stream_ssl_module module related to the handling of revoked certificates. When configured with the ssl_verify_client on and ssl_ocsp on directives, the TLS handshake can succeed even if an Online Certificate Status Protocol (OCSP) check indicates the certificate has been revoked. This occurs due to improper handling of revoked certificates.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
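To check whether a deployment uses the configuration named in the description, the following added example (not part of the original advisory and not NGINX code) scans `nginx -T`-style text for stream servers where both directives resolve to `on`, including values inherited from the enclosing stream block. The function names, the sample config and the simplified parser (no quoted values, no `include` expansion beyond what `nginx -T` already does) are assumptions.

```python
import re

# Constructed sample, shaped like `nginx -T` output; not taken from the advisory.
SAMPLE = """
stream {
    server {
        listen 12345 ssl;
        ssl_ocsp on;            # ssl_verify_client is inherited from stream{}
    }
    server {
        listen 12346 ssl;
        ssl_ocsp off;
    }
    ssl_verify_client on;       # applies to servers declared above it too
}
http {
    server { listen 443 ssl; ssl_verify_client on; ssl_ocsp on; }
}
"""

WATCHED = ("ssl_verify_client", "ssl_ocsp")

def tokenize(text):
    text = re.sub(r"#[^\n]*", "", text)  # strip comments (ignores '#' inside quotes)
    return re.findall(r'"[^"]*"|\'[^\']*\'|[{};]|[^\s{};]+', text)

def flagged_stream_servers(text):
    """Return the listen values of each stream{} server where both directives resolve to "on"."""
    hits, stack, stmt = [], [], []
    for tok in tokenize(text):
        if tok == "{":
            stack.append({"name": stmt[0] if stmt else "", "cfg": {}, "listen": [], "servers": []})
        elif tok == ";" and stack and len(stmt) > 1:
            if stmt[0] in WATCHED:
                stack[-1]["cfg"][stmt[0]] = stmt[1]
            elif stmt[0] == "listen":
                stack[-1]["listen"].append(stmt[1])
        elif tok == "}" and stack:
            blk = stack.pop()
            if blk["name"] == "server" and stack and stack[-1]["name"] == "stream":
                stack[-1]["servers"].append(blk)
            elif blk["name"] == "stream":
                for srv in blk["servers"]:
                    merged = {**blk["cfg"], **srv["cfg"]}  # server-level value wins
                    if all(merged.get(d) == "on" for d in WATCHED):
                        hits.append(srv["listen"])
        stmt = [] if tok in ("{", "}", ";") else stmt + [tok]
    return hits

if __name__ == "__main__":
    print(flagged_stream_servers(SAMPLE))
```

Only the exact `on` values the description names are flagged; servers in the http block are skipped because the description concerns the stream module.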
Incorrect Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Nginx Open Source
Nginx Plus