Description
There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:
- NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_dav_module module that might allow
an attacker to trigger a buffer overflow to the NGINX worker process; this vulnerability may result in
termination of the NGINX worker process or modification of source or destination file names outside the
document root. This issue affects NGINX Open Source and NGINX Plus when the configuration file uses DAV
module MOVE or COPY methods, prefix location (nonregular expression location configuration), and alias
directives. The integrity impact is constrained because the NGINX worker process user has low privileges
and does not have access to the entire system. Note: Software versions which have reached End of Technical
Support (EoTS) are not evaluated. (CVE-2026-27654)
- When the ngx_mail_auth_http_module module is enabled on NGINX Plus or NGINX Open Source, undisclosed
requests can cause worker processes to terminate. This issue may occur when (1) CRAM-MD5 or APOP
authentication is enabled, and (2) the authentication server permits retry by returning the Auth-Wait
response header. Note: Software versions which have reached End of Technical Support (EoTS) are not
evaluated. (CVE-2026-27651)
- The 32-bit implementation of NGINX Open Source has a vulnerability in the ngx_http_mp4_module module,
which might allow an attacker to over-read or over-write NGINX worker memory resulting in its termination,
using a specially crafted MP4 file. The issue only affects 32-bit NGINX Open Source if it is built with
the ngx_http_mp4_module module and the mp4 directive is used in the configuration file. Additionally, the
attack is possible only if an attacker can trigger the processing of a specially crafted MP4 file with the
ngx_http_mp4_module module. Note: Software versions which have reached End of Technical Support (EoTS) are
not evaluated. (CVE-2026-27784)
- NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_smtp_module module due to the
improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to
inject arbitrary headers into SMTP upstream requests, leading to potential request manipulation. Note:
Software versions which have reached End of Technical Support (EoTS) are not evaluated. (CVE-2026-28753)
Solution
Update the nginx library and its related packages to version 1.28.3-r0 or later.
Plugin Details
Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security
Risk Information
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:C
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Threat Vector: CVSS:4.0/E:P
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
Vulnerability Information
Exploit Ease: Exploits are available
Vulnerability Publication Date: 3/24/2026