Zero Day Monitor (ZDM)
CVE-2026-27784 · PATCHED · CVSS 7.8
f5 · nginx_open_source

Description

The 32-bit implementation of NGINX Open Source has a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to over-read or over-write NGINX worker memory resulting in its termination, using a specially crafted MP4 file. The issue only affects 32-bit NGINX Open Source if it is built with the ngx_http_mp4_module module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted MP4 file with the ngx_http_mp4_module module. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Affected Products

Vendor | Product | Versions
f5 | nginx_open_source | < 1.28.3, < 1.29.7

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor | Product | Source | Confidence
fedora | fedora linux | cert_advisory | 90%
nginx | nginx plus | cert_advisory | 90%
nginx | nginx | cert_advisory | 90%
oracle | oracle linux | cert_advisory | 90%
red hat | red hat enterprise linux | cert_advisory | 90%

References

  • https://my.f5.com/manage/s/article/K000160364 (Mitigation, Vendor Advisory)

Related News (3 articles)

Tier B · BSI Advisories · 2d ago
[UPDATE] [high] NGINX and NGINX Plus: Multiple vulnerabilities
→ No new info (linked only)

Tier B · CERT-FR · 11d ago
Multiple vulnerabilities in Microsoft products (30 March 2026)
→ No new info (linked only)

Tier A · Microsoft MSRC · 14d ago
CVE-2026-27784 NGINX ngx_http_mp4_module vulnerability
→ No new info (linked only)

CVSS 3.1: 7.8 HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA KEV: ❌ No
Actively exploited: ❌ No
Patch available: 1.28.3, 1.29.7
CWE: CWE-190
Published: Mar 24, 2026
Last enriched: 8d ago
Trending Score: 31
Source articles: 3
Independent: 3
Info Completeness: 9/14
Missing: epss, kev, exploit, iocs, mitre_attack

Related CVEs (5)

HIGH · CVE-2026-27651
When the ngx_mail_auth_http_module module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when (1) CRAM-MD5 or APOP au
Trending: 31
HIGH · CVE-2026-32647
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to trigger a buffer over-read or over-write to the NGINX worker memory resulting
Trending: 31
HIGH · CVE-2026-27654
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_dav_module module that might allow an attacker to trigger a buffer overflow to the NGINX worker process; this vulnerability may re
Trending: 31
MEDIUM · CVE-2026-28755
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_stream_ssl_module module due to the improper handling of revoked certificates when configured with the ssl_verify_client on and ssl_ocs
Trending: 28
LOW · CVE-2026-28753
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_smtp_module module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server
Trending: 26

Verification

State: verified
Confidence: 100%

Vulnerability Timeline

CVE Published: Mar 24, 2026
Patch Available: Mar 30, 2026
Discovered by ZDM: Apr 1, 2026