nginx 0.6.27 < 1.28.3 / 1.29.x < 1.29.7 SMTP Upstream Injection

Version 1.2

Apr 17, 2026, 9:54 AM

CVSS metrics ("CVSSv2 score" set to 2.6)
CVSS metrics ("CVSSv2 vector" set to "CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N")
CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:U/RL:OF/RC:C")
CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:U/RL:O/RC:C")
CVSSv2 severity (based on CVE-2026-28753, severity decreased from "Medium" to "Low")
Exploit attributes ("Exploit available" set to "False")
Exploit attributes ("Exploitability ease" set to "No known exploits are available")