RHSA-2026:8346

Vulnerability from csaf_redhat - Published: 2026-04-15 21:09 - Updated: 2026-04-19 19:40
Summary
Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
Severity
Important
Notes
Topic: An update for Red Hat Hardened Images RPMs is now available.
Details: This update includes the following RPMs: nginx: * nginx-1.30.0-1.hum1 (aarch64, x86_64) * nginx-all-modules-1.30.0-1.hum1 (noarch) * nginx-core-1.30.0-1.hum1 (aarch64, x86_64) * nginx-filesystem-1.30.0-1.hum1 (noarch) * nginx-mod-devel-1.30.0-1.hum1 (aarch64, x86_64) * nginx-mod-http-geoip-1.30.0-1.hum1 (aarch64, x86_64) * nginx-mod-http-image-filter-1.30.0-1.hum1 (aarch64, x86_64) * nginx-mod-http-perl-1.30.0-1.hum1 (aarch64, x86_64) * nginx-mod-http-xslt-filter-1.30.0-1.hum1 (aarch64, x86_64) * nginx-mod-mail-1.30.0-1.hum1 (aarch64, x86_64) * nginx-mod-stream-1.30.0-1.hum1 (aarch64, x86_64) * nginx-mod-stream-geoip-1.30.0-1.hum1 (aarch64, x86_64) * nginx-1.30.0-1.hum1.src (src)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
CVE-2025-53859

A memory access flaw has been discovered in nginx. The ngx_mail_smtp_module might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory. As a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue occurs during the NGINX SMTP authentication process, requiring the attacker to prepare against the target system to extract the leaked data.

3.7 (Low)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE-125 - Out-of-bounds Read
Vendor Fix For details on how to apply this update, which includes the changes described in this advisory, refer to: https://images.redhat.com/ https://access.redhat.com/errata/RHSA-2026:8346
Workaround Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
CVE-2026-1642

A flaw was found in NGINX. When NGINX is configured to proxy to upstream Transport Layer Security (TLS) servers, An attacker with a man-in-the-middle (MITM) position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data into the response from an upstream proxied server.

5.9 (Medium)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CWE-349 - Acceptance of Extraneous Untrusted Data With Trusted Data
Vendor Fix For details on how to apply this update, which includes the changes described in this advisory, refer to: https://images.redhat.com/ https://access.redhat.com/errata/RHSA-2026:8346
Workaround Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
CVE-2026-27651

A flaw was found in NGINX, specifically within the ngx_mail_auth_http_module. When this module is enabled, and CRAM-MD5 or APOP authentication is active with an authentication server that permits retries, undisclosed requests can cause NGINX worker processes to terminate. This can lead to a Denial of Service (DoS), making the affected NGINX instance unavailable to legitimate users.

7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-476 - NULL Pointer Dereference
Vendor Fix For details on how to apply this update, which includes the changes described in this advisory, refer to: https://images.redhat.com/ https://access.redhat.com/errata/RHSA-2026:8346
Workaround Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
CVE-2026-27654

A flaw was found in NGINX. A remote attacker can exploit a buffer overflow vulnerability within the ngx_http_dav_module module. This occurs when the NGINX configuration uses DAV module MOVE or COPY methods in conjunction with prefix location and alias directives. Successful exploitation may lead to the termination of the NGINX worker process, resulting in a Denial of Service (DoS), or allow for the modification of source or destination file names outside the intended document root.

8.2 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Vendor Fix For details on how to apply this update, which includes the changes described in this advisory, refer to: https://images.redhat.com/ https://access.redhat.com/errata/RHSA-2026:8346
Workaround Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
CVE-2026-27784

A flaw was found in NGINX Open Source, specifically within the ngx_http_mp4_module. An attacker can exploit this memory corruption vulnerability by providing a specially crafted MP4 file. This can lead to an over-read or over-write of NGINX worker memory, causing the worker to terminate and resulting in a Denial of Service (DoS). This issue affects 32-bit NGINX Open Source when built with the ngx_http_mp4_module and the mp4 directive is used.

7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-190 - Integer Overflow or Wraparound
Vendor Fix For details on how to apply this update, which includes the changes described in this advisory, refer to: https://images.redhat.com/ https://access.redhat.com/errata/RHSA-2026:8346
Workaround Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
CVE-2026-28753

A flaw was found in NGINX Plus and NGINX Open Source, specifically within the ngx_mail_smtp_module. This vulnerability allows an attacker-controlled DNS (Domain Name System) server to inject arbitrary headers into SMTP (Simple Mail Transfer Protocol) upstream requests. This is due to the improper handling of Carriage Return (CRLF) sequences in DNS responses. The primary consequence is the potential manipulation of these requests, which could alter their intended behavior.

3.7 (Low)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')
Vendor Fix For details on how to apply this update, which includes the changes described in this advisory, refer to: https://images.redhat.com/ https://access.redhat.com/errata/RHSA-2026:8346
Workaround Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
CVE-2026-28755

A flaw was found in NGINX, specifically within its `ngx_stream_ssl_module`. When NGINX is configured to verify client certificates and use the Online Certificate Status Protocol (OCSP) for revocation checks, it fails to properly enforce the revocation status. This allows a Transport Layer Security (TLS) handshake to complete successfully, even if the client's certificate has been identified as revoked. Consequently, systems using revoked certificates may still be able to establish connections, potentially leading to unauthorized access or communication.

5.4 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
CWE-295 - Improper Certificate Validation
Vendor Fix For details on how to apply this update, which includes the changes described in this advisory, refer to: https://images.redhat.com/ https://access.redhat.com/errata/RHSA-2026:8346
Workaround Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
CVE-2026-32647

A flaw was found in NGINX's ngx_http_mp4_module. This Out-of-Bounds Read/Write vulnerability occurs due to improper handling of specially crafted MP4 files. A local authenticated attacker, by supplying a malicious MP4 file, can trigger a buffer over-read or overwrite in worker memory. This can lead to process termination, potentially causing a denial-of-service or, under certain conditions, achieving code execution.

7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-125 - Out-of-bounds Read
Vendor Fix For details on how to apply this update, which includes the changes described in this advisory, refer to: https://images.redhat.com/ https://access.redhat.com/errata/RHSA-2026:8346
Workaround To mitigate this issue, disable the ngx_http_mp4_module in your NGINX configuration if MP4 file processing is not required. This can be done by commenting out or removing the mp4 directive from the NGINX configuration file. After modifying the configuration, a reload or restart of the NGINX service is required for the changes to take effect. Alternatively, restrict access to the NGINX server to trusted networks and users to prevent the upload and processing of malicious MP4 files.
References
https://access.redhat.com/errata/RHSA-2026:8346 self
https://images.redhat.com/ external
https://access.redhat.com/security/cve/CVE-2025-53859 external
https://access.redhat.com/security/updates/classi… external
https://access.redhat.com/security/cve/CVE-2026-27654 external
https://access.redhat.com/security/cve/CVE-2026-27784 external
https://access.redhat.com/security/cve/CVE-2026-28755 external
https://access.redhat.com/security/cve/CVE-2026-28753 external
https://access.redhat.com/security/cve/CVE-2026-27651 external
https://access.redhat.com/security/cve/CVE-2026-32647 external
https://access.redhat.com/security/cve/CVE-2026-1642 external
https://security.access.redhat.com/data/csaf/v2/a… self
https://access.redhat.com/security/cve/CVE-2025-53859 self
https://bugzilla.redhat.com/show_bug.cgi?id=2388238 external
https://www.cve.org/CVERecord?id=CVE-2025-53859 external
https://nvd.nist.gov/vuln/detail/CVE-2025-53859 external
https://my.f5.com/manage/s/article/K000152786 external
https://access.redhat.com/security/cve/CVE-2026-1642 self
https://bugzilla.redhat.com/show_bug.cgi?id=2436738 external
https://www.cve.org/CVERecord?id=CVE-2026-1642 external
https://nvd.nist.gov/vuln/detail/CVE-2026-1642 external
https://my.f5.com/manage/s/article/K000159824 external
https://access.redhat.com/security/cve/CVE-2026-27651 self
https://bugzilla.redhat.com/show_bug.cgi?id=2450791 external
https://www.cve.org/CVERecord?id=CVE-2026-27651 external
https://nvd.nist.gov/vuln/detail/CVE-2026-27651 external
https://my.f5.com/manage/s/article/K000160383 external
https://access.redhat.com/security/cve/CVE-2026-27654 self
https://bugzilla.redhat.com/show_bug.cgi?id=2450776 external
https://www.cve.org/CVERecord?id=CVE-2026-27654 external
https://nvd.nist.gov/vuln/detail/CVE-2026-27654 external
https://my.f5.com/manage/s/article/K000160382 external
https://access.redhat.com/security/cve/CVE-2026-27784 self
https://bugzilla.redhat.com/show_bug.cgi?id=2450785 external
https://www.cve.org/CVERecord?id=CVE-2026-27784 external
https://nvd.nist.gov/vuln/detail/CVE-2026-27784 external
https://my.f5.com/manage/s/article/K000160364 external
https://access.redhat.com/security/cve/CVE-2026-28753 self
https://bugzilla.redhat.com/show_bug.cgi?id=2450780 external
https://www.cve.org/CVERecord?id=CVE-2026-28753 external
https://nvd.nist.gov/vuln/detail/CVE-2026-28753 external
https://my.f5.com/manage/s/article/K000160367 external
https://access.redhat.com/security/cve/CVE-2026-28755 self
https://bugzilla.redhat.com/show_bug.cgi?id=2450779 external
https://www.cve.org/CVERecord?id=CVE-2026-28755 external
https://nvd.nist.gov/vuln/detail/CVE-2026-28755 external
https://my.f5.com/manage/s/article/K000160368 external
https://access.redhat.com/security/cve/CVE-2026-32647 self
https://bugzilla.redhat.com/show_bug.cgi?id=2449598 external
https://www.cve.org/CVERecord?id=CVE-2026-32647 external
https://nvd.nist.gov/vuln/detail/CVE-2026-32647 external
https://my.f5.com/manage/s/article/K000160366 external
Acknowledgments
Aisle Research Pavel Kohout
To clipboard 

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for Red Hat Hardened Images RPMs is now available.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "This update includes the following RPMs:\n\nnginx:\n  * nginx-1.30.0-1.hum1 (aarch64, x86_64)\n  * nginx-all-modules-1.30.0-1.hum1 (noarch)\n  * nginx-core-1.30.0-1.hum1 (aarch64, x86_64)\n  * nginx-filesystem-1.30.0-1.hum1 (noarch)\n  * nginx-mod-devel-1.30.0-1.hum1 (aarch64, x86_64)\n  * nginx-mod-http-geoip-1.30.0-1.hum1 (aarch64, x86_64)\n  * nginx-mod-http-image-filter-1.30.0-1.hum1 (aarch64, x86_64)\n  * nginx-mod-http-perl-1.30.0-1.hum1 (aarch64, x86_64)\n  * nginx-mod-http-xslt-filter-1.30.0-1.hum1 (aarch64, x86_64)\n  * nginx-mod-mail-1.30.0-1.hum1 (aarch64, x86_64)\n  * nginx-mod-stream-1.30.0-1.hum1 (aarch64, x86_64)\n  * nginx-mod-stream-geoip-1.30.0-1.hum1 (aarch64, x86_64)\n  * nginx-1.30.0-1.hum1.src (src)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:8346",
        "url": "https://access.redhat.com/errata/RHSA-2026:8346"
      },
      {
        "category": "external",
        "summary": "https://images.redhat.com/",
        "url": "https://images.redhat.com/"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-53859",
        "url": "https://access.redhat.com/security/cve/CVE-2025-53859"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-27654",
        "url": "https://access.redhat.com/security/cve/CVE-2026-27654"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-27784",
        "url": "https://access.redhat.com/security/cve/CVE-2026-27784"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-28755",
        "url": "https://access.redhat.com/security/cve/CVE-2026-28755"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-28753",
        "url": "https://access.redhat.com/security/cve/CVE-2026-28753"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-27651",
        "url": "https://access.redhat.com/security/cve/CVE-2026-27651"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-32647",
        "url": "https://access.redhat.com/security/cve/CVE-2026-32647"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-1642",
        "url": "https://access.redhat.com/security/cve/CVE-2026-1642"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_8346.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2026-04-19T19:40:53+00:00",
      "generator": {
        "date": "2026-04-19T19:40:53+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.5"
        }
      },
      "id": "RHSA-2026:8346",
      "initial_release_date": "2026-04-15T21:09:22+00:00",
      "revision_history": [
        {
          "date": "2026-04-15T21:09:22+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-04-18T20:02:15+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-04-19T19:40:53+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Hardened Images",
                "product": {
                  "name": "Red Hat Hardened Images",
                  "product_id": "Red Hat Hardened Images",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:hummingbird:1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Hardened Images"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nginx-main@aarch64",
                "product": {
                  "name": "nginx-main@aarch64",
                  "product_id": "nginx-main@aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nginx@1.30.0-1.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nginx-main@src",
                "product": {
                  "name": "nginx-main@src",
                  "product_id": "nginx-main@src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nginx@1.30.0-1.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nginx-main@x86_64",
                "product": {
                  "name": "nginx-main@x86_64",
                  "product_id": "nginx-main@x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nginx@1.30.0-1.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nginx-main@noarch",
                "product": {
                  "name": "nginx-main@noarch",
                  "product_id": "nginx-main@noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nginx-all-modules@1.30.0-1.hum1?arch=noarch\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nginx-main@aarch64 as a component of Red Hat Hardened Images",
          "product_id": "Red Hat Hardened Images:nginx-main@aarch64"
        },
        "product_reference": "nginx-main@aarch64",
        "relates_to_product_reference": "Red Hat Hardened Images"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nginx-main@noarch as a component of Red Hat Hardened Images",
          "product_id": "Red Hat Hardened Images:nginx-main@noarch"
        },
        "product_reference": "nginx-main@noarch",
        "relates_to_product_reference": "Red Hat Hardened Images"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nginx-main@src as a component of Red Hat Hardened Images",
          "product_id": "Red Hat Hardened Images:nginx-main@src"
        },
        "product_reference": "nginx-main@src",
        "relates_to_product_reference": "Red Hat Hardened Images"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nginx-main@x86_64 as a component of Red Hat Hardened Images",
          "product_id": "Red Hat Hardened Images:nginx-main@x86_64"
        },
        "product_reference": "nginx-main@x86_64",
        "relates_to_product_reference": "Red Hat Hardened Images"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-53859",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2025-08-13T15:00:48.969058+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2388238"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A memory access flaw has been discovered in nginx. The ngx_mail_smtp_module might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory. As a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue occurs during the NGINX SMTP authentication process, requiring the attacker to prepare against the target system to extract the leaked data.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nginx: NGINX ngx_mail_smtp_module vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:nginx-main@aarch64",
          "Red Hat Hardened Images:nginx-main@noarch",
          "Red Hat Hardened Images:nginx-main@src",
          "Red Hat Hardened Images:nginx-main@x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-53859"
        },
        {
          "category": "external",
          "summary": "RHBZ#2388238",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388238"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-53859",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-53859"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-53859",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53859"
        },
        {
          "category": "external",
          "summary": "https://my.f5.com/manage/s/article/K000152786",
          "url": "https://my.f5.com/manage/s/article/K000152786"
        }
      ],
      "release_date": "2025-08-13T14:46:55.471000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-15T21:09:22+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:nginx-main@aarch64",
            "Red Hat Hardened Images:nginx-main@noarch",
            "Red Hat Hardened Images:nginx-main@src",
            "Red Hat Hardened Images:nginx-main@x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:8346"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Hardened Images:nginx-main@aarch64",
            "Red Hat Hardened Images:nginx-main@noarch",
            "Red Hat Hardened Images:nginx-main@src",
            "Red Hat Hardened Images:nginx-main@x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:nginx-main@aarch64",
            "Red Hat Hardened Images:nginx-main@noarch",
            "Red Hat Hardened Images:nginx-main@src",
            "Red Hat Hardened Images:nginx-main@x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "nginx: NGINX ngx_mail_smtp_module vulnerability"
    },
    {
      "cve": "CVE-2026-1642",
      "cwe": {
        "id": "CWE-349",
        "name": "Acceptance of Extraneous Untrusted Data With Trusted Data"
      },
      "discovery_date": "2026-02-04T16:00:52.156255+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2436738"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in NGINX. When NGINX is configured to proxy to upstream Transport Layer Security (TLS) servers, An attacker with a man-in-the-middle (MITM) position on the upstream server side\u2014along with conditions beyond the attacker\u0027s control\u2014may be able to inject plain text data into the response from an upstream proxied server.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:nginx-main@aarch64",
          "Red Hat Hardened Images:nginx-main@noarch",
          "Red Hat Hardened Images:nginx-main@src",
          "Red Hat Hardened Images:nginx-main@x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-1642"
        },
        {
          "category": "external",
          "summary": "RHBZ#2436738",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436738"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-1642",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-1642"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1642",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1642"
        },
        {
          "category": "external",
          "summary": "https://my.f5.com/manage/s/article/K000159824",
          "url": "https://my.f5.com/manage/s/article/K000159824"
        }
      ],
      "release_date": "2026-02-04T15:02:06.154000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-15T21:09:22+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:nginx-main@aarch64",
            "Red Hat Hardened Images:nginx-main@noarch",
            "Red Hat Hardened Images:nginx-main@src",
            "Red Hat Hardened Images:nginx-main@x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:8346"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Hardened Images:nginx-main@aarch64",
            "Red Hat Hardened Images:nginx-main@noarch",
            "Red Hat Hardened Images:nginx-main@src",
            "Red Hat Hardened Images:nginx-main@x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:nginx-main@aarch64",
            "Red Hat Hardened Images:nginx-main@noarch",
            "Red Hat Hardened Images:nginx-main@src",
            "Red Hat Hardened Images:nginx-main@x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections"
    },
    {
      "cve": "CVE-2026-27651",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "discovery_date": "2026-03-24T15:02:32.414082+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2450791"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in NGINX, specifically within the ngx_mail_auth_http_module. When this module is enabled, and CRAM-MD5 or APOP authentication is active with an authentication server that permits retries, undisclosed requests can cause NGINX worker processes to terminate. This can lead to a Denial of Service (DoS), making the affected NGINX instance unavailable to legitimate users.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "NGINX: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:nginx-main@aarch64",
          "Red Hat Hardened Images:nginx-main@noarch",
          "Red Hat Hardened Images:nginx-main@src",
          "Red Hat Hardened Images:nginx-main@x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-27651"
        },
        {
          "category": "external",
          "summary": "RHBZ#2450791",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450791"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-27651",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27651"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27651",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27651"
        },
        {
          "category": "external",
          "summary": "https://my.f5.com/manage/s/article/K000160383",
          "url": "https://my.f5.com/manage/s/article/K000160383"
        }
      ],
      "release_date": "2026-03-24T14:13:27.295000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-15T21:09:22+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:nginx-main@aarch64",
            "Red Hat Hardened Images:nginx-main@noarch",
            "Red Hat Hardened Images:nginx-main@src",
            "Red Hat Hardened Images:nginx-main@x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:8346"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Hardened Images:nginx-main@aarch64",
            "Red Hat Hardened Images:nginx-main@noarch",
            "Red Hat Hardened Images:nginx-main@src",
            "Red Hat Hardened Images:nginx-main@x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:nginx-main@aarch64",
            "Red Hat Hardened Images:nginx-main@noarch",
            "Red Hat Hardened Images:nginx-main@src",
            "Red Hat Hardened Images:nginx-main@x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "NGINX: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled"
    },
    {
      "cve": "CVE-2026-27654",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
      },
      "discovery_date": "2026-03-24T15:01:19.814138+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2450776"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in NGINX. A remote attacker can exploit a buffer overflow vulnerability within the ngx_http_dav_module module. This occurs when the NGINX configuration uses DAV module MOVE or COPY methods in conjunction with prefix location and alias directives. Successful exploitation may lead to the termination of the NGINX worker process, resulting in a Denial of Service (DoS), or allow for the modification of source or destination file names outside the intended document root.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "NGINX: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:nginx-main@aarch64",
          "Red Hat Hardened Images:nginx-main@noarch",
          "Red Hat Hardened Images:nginx-main@src",
          "Red Hat Hardened Images:nginx-main@x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-27654"
        },
        {
          "category": "external",
          "summary": "RHBZ#2450776",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450776"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-27654",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27654"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27654",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27654"
        },
        {
          "category": "external",
          "summary": "https://my.f5.com/manage/s/article/K000160382",
          "url": "https://my.f5.com/manage/s/article/K000160382"
        }
      ],
      "release_date": "2026-03-24T14:13:26.879000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-15T21:09:22+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:nginx-main@aarch64",
            "Red Hat Hardened Images:nginx-main@noarch",
            "Red Hat Hardened Images:nginx-main@src",
            "Red Hat Hardened Images:nginx-main@x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:8346"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Hardened Images:nginx-main@aarch64",
            "Red Hat Hardened Images:nginx-main@noarch",
            "Red Hat Hardened Images:nginx-main@src",
            "Red Hat Hardened Images:nginx-main@x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:nginx-main@aarch64",
            "Red Hat Hardened Images:nginx-main@noarch",
            "Red Hat Hardened Images:nginx-main@src",
            "Red Hat Hardened Images:nginx-main@x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "NGINX: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module"
    },
    {
      "cve": "CVE-2026-27784",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "discovery_date": "2026-03-24T15:02:07.092253+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2450785"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in NGINX Open Source, specifically within the ngx_http_mp4_module. An attacker can exploit this memory corruption vulnerability by providing a specially crafted MP4 file. This can lead to an over-read or over-write of NGINX worker memory, causing the worker to terminate and resulting in a Denial of Service (DoS). This issue affects 32-bit NGINX Open Source when built with the ngx_http_mp4_module and the mp4 directive is used.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "NGINX: NGINX: Denial of Service due to memory corruption via crafted MP4 file",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:nginx-main@aarch64",
          "Red Hat Hardened Images:nginx-main@noarch",
          "Red Hat Hardened Images:nginx-main@src",
          "Red Hat Hardened Images:nginx-main@x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-27784"
        },
        {
          "category": "external",
          "summary": "RHBZ#2450785",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450785"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-27784",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27784"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27784",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27784"
        },
        {
          "category": "external",
          "summary": "https://my.f5.com/manage/s/article/K000160364",
          "url": "https://my.f5.com/manage/s/article/K000160364"
        }
      ],
      "release_date": "2026-03-24T14:13:25.343000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-15T21:09:22+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:nginx-main@aarch64",
            "Red Hat Hardened Images:nginx-main@noarch",
            "Red Hat Hardened Images:nginx-main@src",
            "Red Hat Hardened Images:nginx-main@x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:8346"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Hardened Images:nginx-main@aarch64",
            "Red Hat Hardened Images:nginx-main@noarch",
            "Red Hat Hardened Images:nginx-main@src",
            "Red Hat Hardened Images:nginx-main@x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:nginx-main@aarch64",
            "Red Hat Hardened Images:nginx-main@noarch",
            "Red Hat Hardened Images:nginx-main@src",
            "Red Hat Hardened Images:nginx-main@x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "NGINX: NGINX: Denial of Service due to memory corruption via crafted MP4 file"
    },
    {
      "cve": "CVE-2026-28753",
      "cwe": {
        "id": "CWE-93",
        "name": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
      },
      "discovery_date": "2026-03-24T15:01:42.770880+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2450780"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in NGINX Plus and NGINX Open Source, specifically within the ngx_mail_smtp_module. This vulnerability allows an attacker-controlled DNS (Domain Name System) server to inject arbitrary headers into SMTP (Simple Mail Transfer Protocol) upstream requests. This is due to the improper handling of Carriage Return (CRLF) sequences in DNS responses. The primary consequence is the potential manipulation of these requests, which could alter their intended behavior.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "NGINX: NGINX Plus: NGINX Open Source: NGINX Plus and NGINX Open Source: Request manipulation via header injection in SMTP upstream requests",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:nginx-main@aarch64",
          "Red Hat Hardened Images:nginx-main@noarch",
          "Red Hat Hardened Images:nginx-main@src",
          "Red Hat Hardened Images:nginx-main@x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-28753"
        },
        {
          "category": "external",
          "summary": "RHBZ#2450780",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450780"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-28753",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28753"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28753",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28753"
        },
        {
          "category": "external",
          "summary": "https://my.f5.com/manage/s/article/K000160367",
          "url": "https://my.f5.com/manage/s/article/K000160367"
        }
      ],
      "release_date": "2026-03-24T14:13:26.107000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-15T21:09:22+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:nginx-main@aarch64",
            "Red Hat Hardened Images:nginx-main@noarch",
            "Red Hat Hardened Images:nginx-main@src",
            "Red Hat Hardened Images:nginx-main@x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:8346"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Hardened Images:nginx-main@aarch64",
            "Red Hat Hardened Images:nginx-main@noarch",
            "Red Hat Hardened Images:nginx-main@src",
            "Red Hat Hardened Images:nginx-main@x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:nginx-main@aarch64",
            "Red Hat Hardened Images:nginx-main@noarch",
            "Red Hat Hardened Images:nginx-main@src",
            "Red Hat Hardened Images:nginx-main@x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "NGINX: NGINX Plus: NGINX Open Source: NGINX Plus and NGINX Open Source: Request manipulation via header injection in SMTP upstream requests"
    },
    {
      "cve": "CVE-2026-28755",
      "cwe": {
        "id": "CWE-295",
        "name": "Improper Certificate Validation"
      },
      "discovery_date": "2026-03-24T15:01:35.937683+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2450779"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in NGINX, specifically within its `ngx_stream_ssl_module`. When NGINX is configured to verify client certificates and use the Online Certificate Status Protocol (OCSP) for revocation checks, it fails to properly enforce the revocation status. This allows a Transport Layer Security (TLS) handshake to complete successfully, even if the client\u0027s certificate has been identified as revoked. Consequently, systems using revoked certificates may still be able to establish connections, potentially leading to unauthorized access or communication.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "NGINX: NGINX: Certificate revocation bypass when OCSP is enabled",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:nginx-main@aarch64",
          "Red Hat Hardened Images:nginx-main@noarch",
          "Red Hat Hardened Images:nginx-main@src",
          "Red Hat Hardened Images:nginx-main@x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-28755"
        },
        {
          "category": "external",
          "summary": "RHBZ#2450779",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450779"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-28755",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28755"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28755",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28755"
        },
        {
          "category": "external",
          "summary": "https://my.f5.com/manage/s/article/K000160368",
          "url": "https://my.f5.com/manage/s/article/K000160368"
        }
      ],
      "release_date": "2026-03-24T14:13:26.502000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-15T21:09:22+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:nginx-main@aarch64",
            "Red Hat Hardened Images:nginx-main@noarch",
            "Red Hat Hardened Images:nginx-main@src",
            "Red Hat Hardened Images:nginx-main@x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:8346"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Hardened Images:nginx-main@aarch64",
            "Red Hat Hardened Images:nginx-main@noarch",
            "Red Hat Hardened Images:nginx-main@src",
            "Red Hat Hardened Images:nginx-main@x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:nginx-main@aarch64",
            "Red Hat Hardened Images:nginx-main@noarch",
            "Red Hat Hardened Images:nginx-main@src",
            "Red Hat Hardened Images:nginx-main@x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "NGINX: NGINX: Certificate revocation bypass when OCSP is enabled"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Pavel Kohout"
          ],
          "organization": "Aisle Research"
        }
      ],
      "cve": "CVE-2026-32647",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2026-03-20T11:44:34.715000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2449598"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in NGINX\u0027s ngx_http_mp4_module. This Out-of-Bounds Read/Write vulnerability occurs due to improper handling of specially crafted MP4 files. A local authenticated attacker, by supplying a malicious MP4 file, can trigger a buffer over-read or overwrite in worker memory. This can lead to process termination, potentially causing a denial-of-service or, under certain conditions, achieving code execution.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This IMPORTANT vulnerability in the NGINX ngx_http_mp4_module is due to improper handling of specially crafted MP4 files. A local authenticated attacker could exploit this flaw by providing a malicious MP4 file, leading to a denial of service or potentially arbitrary code execution. Red Hat products utilizing NGINX with the ngx_http_mp4_module enabled are affected if untrusted MP4 files are processed.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:nginx-main@aarch64",
          "Red Hat Hardened Images:nginx-main@noarch",
          "Red Hat Hardened Images:nginx-main@src",
          "Red Hat Hardened Images:nginx-main@x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-32647"
        },
        {
          "category": "external",
          "summary": "RHBZ#2449598",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449598"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-32647",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-32647"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32647",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32647"
        },
        {
          "category": "external",
          "summary": "https://my.f5.com/manage/s/article/K000160366",
          "url": "https://my.f5.com/manage/s/article/K000160366"
        }
      ],
      "release_date": "2026-03-24T18:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-15T21:09:22+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:nginx-main@aarch64",
            "Red Hat Hardened Images:nginx-main@noarch",
            "Red Hat Hardened Images:nginx-main@src",
            "Red Hat Hardened Images:nginx-main@x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:8346"
        },
        {
          "category": "workaround",
          "details": "To mitigate this issue, disable the ngx_http_mp4_module in your NGINX configuration if MP4 file processing is not required. This can be done by commenting out or removing the mp4 directive from the NGINX configuration file. After modifying the configuration, a reload or restart of the NGINX service is required for the changes to take effect.\n\nAlternatively, restrict access to the NGINX server to trusted networks and users to prevent the upload and processing of malicious MP4 files.",
          "product_ids": [
            "Red Hat Hardened Images:nginx-main@aarch64",
            "Red Hat Hardened Images:nginx-main@noarch",
            "Red Hat Hardened Images:nginx-main@src",
            "Red Hat Hardened Images:nginx-main@x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:nginx-main@aarch64",
            "Red Hat Hardened Images:nginx-main@noarch",
            "Red Hat Hardened Images:nginx-main@src",
            "Red Hat Hardened Images:nginx-main@x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.