CVE-2026-27654

Medienbericht

EPSS 0.04%
Veröffentlicht 24.03.2026 14:13:26
Zuletzt bearbeitet 26.03.2026 21:16:16
Quelle f5sirt@f5.com
CVE-Watchlists
Login
Unerledigt
Login

NGINX ngx_http_dav_module vulnerability

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_dav_module module that might allow an attacker to trigger a buffer overflow to the NGINX worker process; this vulnerability may result in termination of the NGINX worker process or modification of source or destination file names outside the document root. This issue affects NGINX Open Source and NGINX Plus when the configuration file uses DAV module MOVE or COPY methods, prefix location (nonregular expression location configuration), and alias directives. The integrity impact is constrained because the NGINX worker process user has low privileges and does not have access to the entire system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 19 VulnDex Vulnerability Enrichment 2

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

F5 ≫ Nginx Plus Versionr32 Updatep1

F5 ≫ Nginx Plus Versionr32 Updatep2

F5 ≫ Nginx Plus Versionr32 Updatep3

F5 ≫ Nginx Plus Versionr32 Updatep4

F5 ≫ Nginx Plus Versionr33

F5 ≫ Nginx Plus Versionr33 Updatep1

F5 ≫ Nginx Plus Versionr33 Updatep2

F5 ≫ Nginx Plus Versionr33 Updatep3

F5 ≫ Nginx Plus Versionr34

F5 ≫ Nginx Plus Versionr34 Updatep1

F5 ≫ Nginx Plus Versionr34 Updatep2

F5 ≫ Nginx Plus Versionr35

F5 ≫ Nginx Plus Versionr35 Updatep1

F5 ≫ Nginx Plus Versionr36

F5 ≫ Nginx Plus Versionr36 Updatep1

F5 ≫ Nginx Plus Versionr36 Updatep2

F5 ≫ Nginx Open Source Version >= 0.5.13 <= 0.9.7

F5 ≫ Nginx Open Source Version >= 1.0.0 < 1.28.3

F5 ≫ Nginx Open Source Version >= 1.29.0 < 1.29.7

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.102

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
f5sirt@f5.com	8.2	3.9	4.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
f5sirt@f5.com	8.8	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-122 Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

https://thehackernews.com/2026/04/weekly-recap-fast16-malware-xchat.html

Media Report

https://my.f5.com/manage/s/article/K000160382

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-27654

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-27654

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-27654

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-27654