Zero Day MonitorZDM

← Back to list

3.7

CVE-2026-28753PATCHED

f5 · nginx_plus

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_smtp_module module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server

Description

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_smtp_module module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to potential request manipulation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Affected Products

Vendor	Product	Versions
f5	nginx_plus	<= 0.9.7, < 1.28.3, < 1.29.7

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
fedora	fedora linux	cert_advisory	90%
nginx	nginx	cert_advisory	90%
nginx	nginx plus	cert_advisory	90%
oracle	oracle linux	cert_advisory	90%
red hat	red hat enterprise linux	cert_advisory	90%

References

https://my.f5.com/manage/s/article/K000160367(Vendor Advisory)

Related News (3 articles)

Tier B

BSI Advisories2d ago

[UPDATE] [hoch] NGINX und NGINX Plus: Mehrere Schwachstellen

→ No new info (linked only)

Tier B

CERT-FR11d ago

Multiples vulnérabilités dans les produits Microsoft (30 mars 2026)

→ No new info (linked only)

Tier A

Microsoft MSRC14d ago

CVE-2026-28753 NGINX ngx_mail_proxy_module vulnerability

→ No new info (linked only)

CVSS 3.13.7 LOW

VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA KEV❌ No

Actively exploited❌ No

Patch available

1.28.31.29.7

CWECWE-93

PublishedMar 24, 2026

Last enriched8d ago

Trending Score26

Source articles3

Independent3

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-27651

When the ngx_mail_auth_http_module module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when (1) CRAM-MD5 or APOP au

HIGHCVE-2026-27784

The 32-bit implementation of NGINX Open Source has a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to over-read or over-write NGINX worker memory resulting in its term

HIGHCVE-2026-32647

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to trigger a buffer over-read or over-write to the NGINX worker memory resulting

HIGHCVE-2026-27654

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_dav_module module that might allow an attacker to trigger a buffer overflow to the NGINX worker process; this vulnerability may re

MEDIUMCVE-2026-28755

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_stream_ssl_module module due to the improper handling of revoked certificates when configured with the ssl_verify_client on and ssl_ocs

Pin to Dashboard

Verification

State: verified

Confidence: 100%

Vulnerability Timeline

CVE Published

Mar 24, 2026

Patch Available

Mar 26, 2026

Discovered by ZDM

Apr 1, 2026