VDB
BIT-nginx-2026-27651
PUBLISHED
CVSS 8.7 HIGH
NGINX ngx_mail_auth_http_module vulnerability
Risk Scores
CVSS 4.0
8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | nginx | 0.5.15, 1.29.0, 1.29.0 |
Exploit Intelligence
- OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the Postgres protocol parser assumes BIND message payloads contain a valid NUL-terminated portal name. A crafted empty or unterminated payload can make OBI slice beyond the end of the captured buffer and panic (Denial Of Service Condition). How detection works: CVE-2026-45678-pgsql.nse checks for PostgreSQL database version to confirm the service state, if any PostgreSQL... (nmap-nse)
- Module Author: r00t-3xp10it - v1.4. CVE-2026-27651 is a Null Pointer Dereference vulnerability affecting the ngx_mail_auth_http_module module in NGINX Plus and NGINX Open Source. When this module is enabled and specific authentication configurations are active, specially crafted undisclosed requests can cause NGINX worker processes to terminate unexpectedly (This vulnerability creates a denial of service condition). How detection works: CVE-2026-27651-nginx.nse detects HTTP authentication server... (nmap-nse)
- list.json (github-poc)
- changes.xml (github-poc)
Timeline
- Mar 27, 2026 CVE Published
- Mar 27, 2026 CVE Updated
- May 21, 2026 PoC Published
- Jun 10, 2026 PoC Published