8.5
CVE-2026-27784
- EPSS 1.03%
- Veröffentlicht 24.03.2026 14:13:25
- Zuletzt bearbeitet 30.06.2026 03:17:57
- Quelle f5sirt@f5.com
- CVE-Watchlists
- Unerledigt
NGINX ngx_http_mp4_module vulnerability
The 32-bit implementation of NGINX Open Source has a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to over-read or over-write NGINX worker memory resulting in its termination, using a specially crafted MP4 file. The issue only affects 32-bit NGINX Open Source if it is built with the ngx_http_mp4_module module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted MP4 file with the ngx_http_mp4_module module. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
F5 ≫ Nginx Open Source Version >= 1.1.19 < 1.28.3
F5 ≫ Nginx Open Source Version >= 1.29.0 < 1.29.7
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.03% | 0.594 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| f5sirt@f5.com | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| f5sirt@f5.com | 8.5 | 0 | 0 |
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-190 Integer Overflow or Wraparound
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
https://my.f5.com/manage/s/article/K000160364
https://access.redhat.com/errata/RHSA-2026:10065
https://access.redhat.com/errata/RHSA-2026:13634
https://access.redhat.com/errata/RHSA-2026:13680
https://access.redhat.com/errata/RHSA-2026:13839
https://access.redhat.com/errata/RHSA-2026:14836
https://access.redhat.com/errata/RHSA-2026:15942
https://access.redhat.com/errata/RHSA-2026:15943
https://access.redhat.com/errata/RHSA-2026:15945
https://access.redhat.com/errata/RHSA-2026:15966
https://access.redhat.com/errata/RHSA-2026:6906
https://access.redhat.com/errata/RHSA-2026:6907
https://access.redhat.com/errata/RHSA-2026:6923
https://access.redhat.com/errata/RHSA-2026:7002
https://access.redhat.com/errata/RHSA-2026:7343
https://access.redhat.com/errata/RHSA-2026:8346
https://access.redhat.com/security/cve/CVE-2026-27784
https://bugzilla.redhat.com/show_bug.cgi?id=2450785
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27784.json