HIGH🇬🇧 English

CVE-2026-32647

CVSS 8.5v4.0pub. 2026-03-24upd. 2026-06-30

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to trigger a buffer over-read or over-write to the NGINX worker memory resulting in its termination or possibly code execution, using a specially crafted MP4 file. This issue affects NGINX Open Source and NGINX Plus if it is built with the ngx_http_mp4_module module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted MP4 file with the ngx_http_mp4_module module. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

oryginał EN
CVSS Vector
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • F5 nginx Open Source

    APP
    F5
    1.1.19 – 1.28.3 (bez)1.29.0 – 1.29.7 (bez)
  • F5 nginx Plus

    APP
    F5
    r32r33r34r35r36
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCE
CWE
Referencje

Powiązane podatności

CVE-2026-42530CRITICAL9.2ten sam produkt

NGINX Open Source has a vulnerability in the ngx_http_v3_module module. When NGINX Open Source is configured t...

CVE-2026-42055CRITICAL9.2ten sam produkt

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_proxy_v2_module and ngx_http_grpc_module...

CVE-2026-9256CRITICAL9.2PL ✓ten sam produkt

Heap buffer overflow w NGINX w module ngx_http_rewrite_module (RCE)

CVE-2026-42945CRITICAL9.2PL ✓ten sam produkt

NGINX heap buffer overflow w module ngx_http_rewrite_module (RCE/restart)

CVE-2026-42946HIGH8.3ten sam produkt

A vulnerability exists in the ngx_http_scgi_module and ngx_http_uwsgi_module modules that may result in excess...