Unrated severityNVD Advisory· Published Mar 24, 2026· Updated Mar 25, 2026
NGINX ngx_http_mp4_module vulnerability
CVE-2026-27784
Description
The 32-bit implementation of NGINX Open Source has a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to over-read or over-write NGINX worker memory resulting in its termination, using a specially crafted MP4 file. The issue only affects 32-bit NGINX Open Source if it is built with the ngx_http_mp4_module module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted MP4 file with the ngx_http_mp4_module module.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Affected products
15- osv-coords13 versionspkg:bitnami/nginxpkg:bitnami/nginx-gatewaypkg:rpm/almalinux/nginxpkg:rpm/almalinux/nginx-all-modulespkg:rpm/almalinux/nginx-corepkg:rpm/almalinux/nginx-filesystempkg:rpm/almalinux/nginx-mod-develpkg:rpm/almalinux/nginx-mod-http-image-filterpkg:rpm/almalinux/nginx-mod-http-perlpkg:rpm/almalinux/nginx-mod-http-xslt-filterpkg:rpm/almalinux/nginx-mod-mailpkg:rpm/almalinux/nginx-mod-streampkg:rpm/opensuse/nginx&distro=openSUSE%20Tumbleweed
>= 1.1.19, < 1.28.3+ 12 more
- (no CPE)range: >= 1.1.19, < 1.28.3
- (no CPE)range: >= 1.1.19, < 1.28.3
- (no CPE)range: < 1:1.24.0-3.module_el8.10.0+4159+021b4a2a.alma.1
- (no CPE)range: < 2:1.26.3-2.el10_1.1
- (no CPE)range: < 1:1.24.0-5.module_el9.7.0+220+47ec8b91.2.alma.1
- (no CPE)range: < 2:1.26.3-2.el10_1.1
- (no CPE)range: < 1:1.24.0-3.module_el8.10.0+4159+021b4a2a.alma.1
- (no CPE)range: < 1:1.24.0-3.module_el8.10.0+4159+021b4a2a.alma.1
- (no CPE)range: < 1:1.24.0-3.module_el8.10.0+4159+021b4a2a.alma.1
- (no CPE)range: < 1:1.24.0-3.module_el8.10.0+4159+021b4a2a.alma.1
- (no CPE)range: < 1:1.24.0-3.module_el8.10.0+4159+021b4a2a.alma.1
- (no CPE)range: < 1:1.24.0-3.module_el8.10.0+4159+021b4a2a.alma.1
- (no CPE)range: < 1.29.7-1.1
- F5/NGINX Open Sourcev5Range: 1.29.0
Patches
Vulnerability mechanics
References
1- my.f5.com/manage/s/article/K000160364mitrevendor-advisory
News mentions
0No linked articles in our index yet.