CVE-2026-27651

216.73.217.22

· Published 24/03/2026 15:16 · Modified 24/03/2026 15:53

Labels: CVE-2026-27651 2026-03-24 CVE-2026-27651 CWE-476 [email protected]

Essential information

Published: 24/03/2026 15:16
Modified: 24/03/2026 15:53
Author: —
Creator: —
CVSS: 8.7 HIGH (v3) 8.7 HIGH (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

When the ngx_mail_auth_http_module module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when (1) CRAM-MD5 or APOP authentication is enabled, and (2) the authentication server permits retry by returning the Auth-Wait response header. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

NVD status

Status: Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
nginx / nginx plus	`cpe:2.3:a:nginx:nginx_plus::::::::`
nginx / nginx open source	`cpe:2.3:a:nginx:nginx_open_source::::::::`