Zero Day MonitorZDM

← Back to list

7.5

CVE-2026-27651PATCHED

f5 · nginx_open_source

When the ngx_mail_auth_http_module module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when (1) CRAM-MD5 or APOP au

Description

When the ngx_mail_auth_http_module module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when (1) CRAM-MD5 or APOP authentication is enabled, and (2) the authentication server permits retry by returning the Auth-Wait response header. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Affected Products

Vendor	Product	Versions
f5	nginx_open_source	<= 0.9.7, < 1.28.3, < 1.29.7, < r35

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
fedora	fedora linux	cert_advisory	90%
nginx	nginx plus	cert_advisory	90%
nginx	nginx	cert_advisory	90%
oracle	oracle linux	cert_advisory	90%
red hat	red hat enterprise linux	cert_advisory	90%

References

https://my.f5.com/manage/s/article/K000160383(Vendor Advisory)

Related News (3 articles)

Tier B

BSI Advisories2d ago

[UPDATE] [hoch] NGINX und NGINX Plus: Mehrere Schwachstellen

→ No new info (linked only)

Tier B

CERT-FR11d ago

Multiples vulnérabilités dans les produits Microsoft (30 mars 2026)

→ No new info (linked only)

Tier A

Microsoft MSRC14d ago

CVE-2026-27651 NGINX ngx_mail_auth_http_module vulnerability

→ No new info (linked only)

CVSS 3.17.5 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA KEV❌ No

Actively exploited❌ No

Patch available

1.28.31.29.7r35

CWECWE-476

PublishedMar 24, 2026

Last enriched8d ago

Trending Score31

Source articles3

Independent3

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-27784

The 32-bit implementation of NGINX Open Source has a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to over-read or over-write NGINX worker memory resulting in its term

HIGHCVE-2026-32647

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to trigger a buffer over-read or over-write to the NGINX worker memory resulting

HIGHCVE-2026-27654

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_dav_module module that might allow an attacker to trigger a buffer overflow to the NGINX worker process; this vulnerability may re

MEDIUMCVE-2026-28755

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_stream_ssl_module module due to the improper handling of revoked certificates when configured with the ssl_verify_client on and ssl_ocs

LOWCVE-2026-28753

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_smtp_module module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server

Pin to Dashboard

Verification

State: verified

Confidence: 100%

Vulnerability Timeline

CVE Published

Mar 24, 2026

Patch Available

Mar 30, 2026

Discovered by ZDM

Apr 1, 2026