216.73.217.98

CVE-2026-27784

· Published 24/03/2026 15:16 · Modified 24/03/2026 15:53

Labels: CVE-2026-27784 2026-03-24CVE-2026-27784CWE-190[email protected]

Essential information

Published
24/03/2026 15:16
Modified
24/03/2026 15:53
Author
Creator
CVSS
8.5 HIGH (v3) 8.5 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

The 32-bit implementation of NGINX Open Source has a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to over-read or over-write NGINX worker memory resulting in its termination, using a specially crafted MP4 file. The issue only affects 32-bit NGINX Open Source if it is built with the ngx_http_mp4_module module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted MP4 file with the ngx_http_mp4_module module. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

NVD status

Status
Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
nginx / nginx cpe:2.3:a:nginx:nginx:*:*:*:*:*:*:*:*
nginx / ngx http mp4 module cpe:2.3:a:nginx:ngx_http_mp4_module:*:*:*:*:*:*:*:*

References