CVE-2026-27651 in NGINX Open Sourceinfo

Zusammenfassung (Englisch)

When the ngx_mail_auth_http_module module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when (1) CRAM-MD5 or APOP authentication is enabled, and (2) the authentication server permits retry by returning the Auth-Wait response header. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Reservieren

18.03.2026

Veröffentlichung

24.03.2026

Status

Bestätigt

Einträge

VulDB provides additional information and datapoints for this CVE:

ID	Schwachstelle	CWE	Aus	Mas	CVE
352781	F5 NGINX Open Source/NGINX Plus Response Header ngx_mail_auth_http_module Denial of Service	476	Nicht definiert	Offizieller Fix	CVE-2026-27651

Beschreibung

CPE

CWE

CVSS

Exploits

History

Diff

Verknüpfen

Threat Intelligence

API JSON

API XML

API CSV

Quellen

◂ ZurückÜbersichtWeiter ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!