BIT-nginx-2026-27651

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/nginx/BIT-nginx-2026-27651.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-nginx-2026-27651
Aliases
Published
2026-03-27T07:10:02.387Z
Modified
2026-07-06T08:00:58.364872334Z
Summary
NGINX ngx_mail_auth_http_module vulnerability
Details

When the ngxmailauthhttpmodule module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when (1) CRAM-MD5 or APOP authentication is enabled, and (2) the authentication server permits retry by returning the Auth-Wait response header. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Database specific
{
    "severity": "High",
    "cpes": [
        "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*"
    ]
}
References

Affected packages

Bitnami / nginx

Package

Name
nginx
Purl
pkg:bitnami/nginx

Severity

  • 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
0.5.15
Fixed
1.28.3
Introduced
1.29.0
Fixed
1.29.7

Database specific

source
"https://github.com/bitnami/vulndb/tree/main/data/nginx/BIT-nginx-2026-27651.json"