Zero Day MonitorZDM

← Back to list

8.2

CVE-2026-27654PATCHED

f5 · nginx_plus

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_dav_module module that might allow an attacker to trigger a buffer overflow to the NGINX worker process; this vulnerability may re

Description

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_dav_module module that might allow an attacker to trigger a buffer overflow to the NGINX worker process; this vulnerability may result in termination of the NGINX worker process or modification of source or destination file names outside the document root. This issue affects NGINX Open Source and NGINX Plus when the configuration file uses DAV module MOVE or COPY methods, prefix location (nonregular expression location configuration), and alias directives. The integrity impact is constrained because the NGINX worker process user has low privileges and does not have access to the entire system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Affected Products

Vendor	Product	Versions
f5	nginx_plus	<= 0.9.7, < 1.28.3, < 1.29.7

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
fedora	fedora linux	cert_advisory	90%
nginx	nginx plus	cert_advisory	90%
nginx	nginx	cert_advisory	90%
oracle	oracle linux	cert_advisory	90%
red hat	red hat enterprise linux	cert_advisory	90%

References

https://my.f5.com/manage/s/article/K000160382(Vendor Advisory)

Related News (3 articles)

Tier B

BSI Advisories2d ago

[UPDATE] [hoch] NGINX und NGINX Plus: Mehrere Schwachstellen

→ No new info (linked only)

Tier B

CERT-FR11d ago

Multiples vulnérabilités dans les produits Microsoft (30 mars 2026)

→ No new info (linked only)

Tier A

Microsoft MSRC14d ago

CVE-2026-27654 NGINX ngx_http_dav_module vulnerability

→ No new info (linked only)

CVSS 3.18.2 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

CISA KEV❌ No

Actively exploited❌ No

Patch available

1.28.31.29.7

CWECWE-122

PublishedMar 24, 2026

Last enriched8d ago

Trending Score31

Source articles3

Independent3

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-27651

When the ngx_mail_auth_http_module module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when (1) CRAM-MD5 or APOP au

HIGHCVE-2026-27784

The 32-bit implementation of NGINX Open Source has a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to over-read or over-write NGINX worker memory resulting in its term

HIGHCVE-2026-32647

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to trigger a buffer over-read or over-write to the NGINX worker memory resulting

MEDIUMCVE-2026-28755

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_stream_ssl_module module due to the improper handling of revoked certificates when configured with the ssl_verify_client on and ssl_ocs

LOWCVE-2026-28753

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_smtp_module module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server

Pin to Dashboard

Verification

State: verified

Confidence: 100%

Vulnerability Timeline

CVE Published

Mar 24, 2026

Patch Available

Mar 26, 2026

Discovered by ZDM

Apr 1, 2026