Debian Nginx vulnerabilities

CVE-2026-1642 [HIGH] CVE-2026-1642: nginx - A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to u... A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-middle (MITM) position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data into the response from an upstream proxied server. Note: Software version

CVE-2026-32647 [HIGH] CVE-2026-32647: nginx - NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module... NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to trigger a buffer over-read or over-write to the NGINX worker memory resulting in its termination or possibly code execution, using a specially crafted MP4 file. This issue affects NGINX Open Source and NGINX Plus if it is built with the ngx_http_mp

CVE-2026-27784 [HIGH] CVE-2026-27784: nginx - The 32-bit implementation of NGINX Open Source has a vulnerability in the ngx_ht... The 32-bit implementation of NGINX Open Source has a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to over-read or over-write NGINX worker memory resulting in its termination, using a specially crafted MP4 file. The issue only affects 32-bit NGINX Open Source if it is built with the ngx_http_mp4_module module and the mp4 directive is u

CVE-2026-27654 [HIGH] CVE-2026-27654: nginx - NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_dav_module... NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_dav_module module that might allow an attacker to trigger a buffer overflow to the NGINX worker process; this vulnerability may result in termination of the NGINX worker process or modification of source or destination file names outside the document root. This issue affects NGINX Open Source and NG

CVE-2026-27651 [HIGH] CVE-2026-27651: nginx - When the ngx_mail_auth_http_module module is enabled on NGINX Plus or NGINX Open... When the ngx_mail_auth_http_module module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when (1) CRAM-MD5 or APOP authentication is enabled, and (2) the authentication server permits retry by returning the Auth-Wait response header. Note: Software versions which have reached End of Tec

CVE-2026-28755 [MEDIUM] CVE-2026-28755: nginx - NGINX Plus and NGINX Open Source have a vulnerability in the ngx_stream_ssl_modu... NGINX Plus and NGINX Open Source have a vulnerability in the ngx_stream_ssl_module module due to the improper handling of revoked certificates when configured with the ssl_verify_client on and ssl_ocsp on directives, allowing the TLS handshake to succeed even after an OCSP check identifies the certificate as revoked. Note: Software versions which have reached End of

CVE-2026-28753 [MEDIUM] CVE-2026-28753: nginx - NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_smtp_modul... NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_smtp_module module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to potential request manipulation. Note: Software versions which have reached End of Technical Support

CVE-2025-53859 [MEDIUM] CVE-2025-53859: nginx - NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_modul... NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happens during the NGINX SMTP authentication process and requires the att

CVE-2025-23419 [MEDIUM] CVE-2025-23419: nginx - When multiple server blocks are configured to share the same IP address and port... When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_ticket_key are used and/or the SSL session cache http

CVE-2024-33452 [HIGH] CVE-2024-33452: libnginx-mod-http-lua - An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote atta... An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct HTTP request smuggling via a crafted HEAD request. Scope: local bookworm: resolved (fixed in 1:0.10.23-1+deb12u1) forky: resolved (fixed in 1:0.10.27-1) sid: resolved (fixed in 1:0.10.27-1) trixie: resolved (fixed in 1:0.10.27-1)

CVE-2024-7347 [MEDIUM] CVE-2024-7347: nginx - NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module... NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Additionally, the attack is p

CVE-2024-24989 [HIGH] CVE-2024-24989: nginx - When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undis... When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3 https://nginx.org/en/docs/quic.html . NOTE: Software versions which have reached

CVE-2024-35200 [MEDIUM] CVE-2024-35200: nginx - When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undis... When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate. Scope: local bookworm: resolved bullseye: resolved forky: resolved (fixed in 1.26.0-2) sid: resolved (fixed in 1.26.0-2) trixie: resolved (fixed in 1.26.0-2)

CVE-2024-34161 [MEDIUM] CVE-2024-34161: nginx - When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and th... When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory. Scope: local bookworm: resolved bullseye: resolved forky: resolved (fixed in 1.26.0-2)

CVE-2024-31079 [MEDIUM] CVE-2024-31079: nginx - When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undis... When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker has no visibility and limited influence over. Scope: local bookworm:

CVE-2024-39792 [HIGH] CVE-2024-39792: nginx - When the NGINX Plus is configured to use the MQTT pre-read module, undisclosed r... When the NGINX Plus is configured to use the MQTT pre-read module, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2024-24990 [HIGH] CVE-2024-24990: nginx - When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undis... When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3 https://nginx.org/en/docs/quic.html . Note: Software versions which have reached

CVE-2024-32760 [MEDIUM] CVE-2024-32760: nginx - When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undis... When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact. Scope: local bookworm: resolved bullseye: resolved forky: resolved (fixed in 1.26.0-2) sid: resolved (fixed in 1.26.0-2) trixie: resolved (fixed in 1.26.0-2)

CVE-2023-44487 [HIGH] CVE-2023-44487: dnsdist - The HTTP/2 protocol allows a denial of service (server resource consumption) bec... The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. Scope: local bookworm: open bullseye: open forky: resolved (fixed in 1.8.2-2) sid: resolved (fixed in 1.8.2-2) trixie: resolved (fixed in 1.8.2-2)

CVE-2022-41741 [HIGH] CVE-2022-41741: nginx - NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscript... NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its termination or potential other impact using a specially crafted au