Zero Day MonitorZDM

← Back to list

EST

PRE-CVE

f5 · nginx, nginx plus

Multiple Vulnerabilities in NGINX and NGINX Plus Allow Denial of Service, Data Manipulation, Security Bypass, and Potential Arbitrary Code Execution

72% confidence

Description

Multiple vulnerabilities in NGINX and NGINX Plus can be exploited by an attacker to perform denial of service attacks, manipulate data, bypass security measures, and potentially execute arbitrary code. [Auto-archived: reprocess_no_remaining_articles — 2026-04-10T13:21:39.861Z]

Affected Products

Vendor	Product	Versions
f5	nginx, nginx plus	—

CISA KEV❌ No

Actively exploited❌ No

PublishedApr 8, 2026

Last enriched2d ago

Tags

denial of servicecode executionsecurity bypassdata manipulation

Trending Score0

Source articles0

Independent0

Info Completeness4/14

Missing: cve_id, versions, cvss, epss, cwe, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-27651

When the ngx_mail_auth_http_module module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when (1) CRAM-MD5 or APOP au

HIGHCVE-2026-27784

The 32-bit implementation of NGINX Open Source has a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to over-read or over-write NGINX worker memory resulting in its term

HIGHCVE-2026-32647

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to trigger a buffer over-read or over-write to the NGINX worker memory resulting

HIGHCVE-2026-27654

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_dav_module module that might allow an attacker to trigger a buffer overflow to the NGINX worker process; this vulnerability may re

MEDIUMCVE-2026-28755

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_stream_ssl_module module due to the improper handling of revoked certificates when configured with the ssl_verify_client on and ssl_ocs

Pin to Dashboard

Verification

State: archived

Confidence: 72%

Vulnerability Timeline

CVE Published

Apr 8, 2026

Discovered by ZDM

Apr 8, 2026