CVE-2026-28753 in F5 NGINX Open Sourceinfo

Zusammenfassung (Englisch)

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_smtp_module module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to potential request manipulation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Reservieren

18.03.2026

Veröffentlichung

24.03.2026

Einträge

VulDB provides additional information and datapoints for this CVE:

ID	Schwachstelle	CWE	Aus	Mas	CVE
352785	F5 NGINX Open Source/NGINX Plus ngx_mail_smtp_module erweiterte Rechte	93	Nicht definiert	Offizieller Fix	CVE-2026-28753

Beschreibung

CPE

CWE

CVSS

Exploits

History

Diff

Verknüpfen

Threat Intelligence

API JSON

API XML

API CSV

◂ ZurückÜbersichtWeiter ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!