Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u6?distro=trixie

Type deb

Namespace debian

Name nginx

Version 1.18.0-6.1+deb11u6

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 1.20.2-2

Latest_non_vulnerable_version 1.30.1-3

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-3b34-tqxp-h7h5

vulnerability_id VCID-3b34-tqxp-h7h5

summary nginx: NGINX ngx_mail_smtp_module vulnerability

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53859.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53859.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-53859

reference_id

reference_type

scores

value	0.00031
scoring_system	epss
scoring_elements	0.09485
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-53859

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53859
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53859

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111138
reference_id	1111138
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111138

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2388238
reference_id	2388238
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2388238

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2025-53859
reference_id	CVE-2025-53859
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2025-53859

reference_url

https://my.f5.com/manage/s/article/K000152786

reference_id

K000152786

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-13T15:06:23Z/

url

https://my.f5.com/manage/s/article/K000152786

reference_url	https://access.redhat.com/errata/RHSA-2026:8346
reference_id	RHSA-2026:8346
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8346

reference_url	https://usn.ubuntu.com/7715-1/
reference_id	USN-7715-1
reference_type
scores
url	https://usn.ubuntu.com/7715-1/

fixed_packages

url pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3?distro=trixie

purl pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kvpj-4273-4khg

vulnerability	VCID-xsdq-5m4c-mqcs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u3%3Fdistro=trixie

url	pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u6?distro=trixie
purl	pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u6%3Fdistro=trixie

url	pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u3?distro=trixie
purl	pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.22.1-9%252Bdeb12u3%3Fdistro=trixie

url pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u6?distro=trixie

purl pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u6?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-422n-2b44-mbh2

vulnerability	VCID-kvpj-4273-4khg

vulnerability	VCID-xsdq-5m4c-mqcs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.22.1-9%252Bdeb12u6%3Fdistro=trixie

url	pkg:deb/debian/nginx@1.26.3-3%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/nginx@1.26.3-3%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.26.3-3%252Bdeb13u1%3Fdistro=trixie

url pkg:deb/debian/nginx@1.26.3-3%2Bdeb13u4?distro=trixie

purl pkg:deb/debian/nginx@1.26.3-3%2Bdeb13u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-422n-2b44-mbh2

vulnerability	VCID-xsdq-5m4c-mqcs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.26.3-3%252Bdeb13u4%3Fdistro=trixie

url	pkg:deb/debian/nginx@1.28.0-3?distro=trixie
purl	pkg:deb/debian/nginx@1.28.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.28.0-3%3Fdistro=trixie

url	pkg:deb/debian/nginx@1.30.1-3?distro=trixie
purl	pkg:deb/debian/nginx@1.30.1-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.30.1-3%3Fdistro=trixie

aliases CVE-2025-53859

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3b34-tqxp-h7h5

url VCID-422n-2b44-mbh2

vulnerability_id VCID-422n-2b44-mbh2

summary nginx: ngx_http_scgi_module: ngx_http_uwsgi_module: information disclosure and denial of service

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42946.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42946.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-42946

reference_id

reference_type

scores

value	0.0007
scoring_system	epss
scoring_elements	0.21561
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-42946

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42946
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42946

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2477132
reference_id	2477132
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2477132

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2026-42946
reference_id	CVE-2026-42946
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2026-42946

reference_url

https://my.f5.com/manage/s/article/K000161027

reference_id

K000161027

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L

value	8.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T15:55:04Z/

url

https://my.f5.com/manage/s/article/K000161027

fixed_packages

url pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3?distro=trixie

purl pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kvpj-4273-4khg

vulnerability	VCID-xsdq-5m4c-mqcs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u3%3Fdistro=trixie

url	pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u6?distro=trixie
purl	pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u6%3Fdistro=trixie

url	pkg:deb/debian/nginx@1.30.0-4?distro=trixie
purl	pkg:deb/debian/nginx@1.30.0-4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.30.0-4%3Fdistro=trixie

url	pkg:deb/debian/nginx@1.30.1-3?distro=trixie
purl	pkg:deb/debian/nginx@1.30.1-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.30.1-3%3Fdistro=trixie

aliases CVE-2026-42946

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-422n-2b44-mbh2

url VCID-5kgu-8trw-zufv

vulnerability_id VCID-5kgu-8trw-zufv

summary nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1642.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1642.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-1642

reference_id

reference_type

scores

value	0.00021
scoring_system	epss
scoring_elements	0.06124
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-1642

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1642
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1642

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127053
reference_id	1127053
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127053

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2436738
reference_id	2436738
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2436738

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2026-1642
reference_id	CVE-2026-1642
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2026-1642

reference_url

https://my.f5.com/manage/s/article/K000159824

reference_id

K000159824

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-04T16:01:47Z/

url

https://my.f5.com/manage/s/article/K000159824

reference_url	https://access.redhat.com/errata/RHSA-2026:10065
reference_id	RHSA-2026:10065
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:10065

reference_url	https://access.redhat.com/errata/RHSA-2026:3638
reference_id	RHSA-2026:3638
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3638

reference_url	https://access.redhat.com/errata/RHSA-2026:4235
reference_id	RHSA-2026:4235
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4235

reference_url	https://access.redhat.com/errata/RHSA-2026:4501
reference_id	RHSA-2026:4501
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4501

reference_url	https://access.redhat.com/errata/RHSA-2026:4705
reference_id	RHSA-2026:4705
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4705

reference_url	https://access.redhat.com/errata/RHSA-2026:4943
reference_id	RHSA-2026:4943
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4943

reference_url	https://access.redhat.com/errata/RHSA-2026:5581
reference_id	RHSA-2026:5581
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:5581

reference_url	https://access.redhat.com/errata/RHSA-2026:5599
reference_id	RHSA-2026:5599
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:5599

reference_url	https://access.redhat.com/errata/RHSA-2026:6182
reference_id	RHSA-2026:6182
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6182

reference_url	https://access.redhat.com/errata/RHSA-2026:6234
reference_id	RHSA-2026:6234
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6234

reference_url	https://access.redhat.com/errata/RHSA-2026:6235
reference_id	RHSA-2026:6235
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6235

reference_url	https://access.redhat.com/errata/RHSA-2026:6302
reference_id	RHSA-2026:6302
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6302

reference_url	https://access.redhat.com/errata/RHSA-2026:6311
reference_id	RHSA-2026:6311
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6311

reference_url	https://access.redhat.com/errata/RHSA-2026:6407
reference_id	RHSA-2026:6407
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6407

reference_url	https://access.redhat.com/errata/RHSA-2026:6408
reference_id	RHSA-2026:6408
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6408

reference_url	https://access.redhat.com/errata/RHSA-2026:6427
reference_id	RHSA-2026:6427
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6427

reference_url	https://access.redhat.com/errata/RHSA-2026:8346
reference_id	RHSA-2026:8346
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8346

reference_url	https://usn.ubuntu.com/8038-1/
reference_id	USN-8038-1
reference_type
scores
url	https://usn.ubuntu.com/8038-1/

fixed_packages

url pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3?distro=trixie

purl pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kvpj-4273-4khg

vulnerability	VCID-xsdq-5m4c-mqcs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u3%3Fdistro=trixie

url	pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u6?distro=trixie
purl	pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u6%3Fdistro=trixie

url	pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u4?distro=trixie
purl	pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.22.1-9%252Bdeb12u4%3Fdistro=trixie

url pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u6?distro=trixie

purl pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u6?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-422n-2b44-mbh2

vulnerability	VCID-kvpj-4273-4khg

vulnerability	VCID-xsdq-5m4c-mqcs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.22.1-9%252Bdeb12u6%3Fdistro=trixie

url	pkg:deb/debian/nginx@1.26.3-3%2Bdeb13u2?distro=trixie
purl	pkg:deb/debian/nginx@1.26.3-3%2Bdeb13u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.26.3-3%252Bdeb13u2%3Fdistro=trixie

url pkg:deb/debian/nginx@1.26.3-3%2Bdeb13u4?distro=trixie

purl pkg:deb/debian/nginx@1.26.3-3%2Bdeb13u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-422n-2b44-mbh2

vulnerability	VCID-xsdq-5m4c-mqcs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.26.3-3%252Bdeb13u4%3Fdistro=trixie

url	pkg:deb/debian/nginx@1.28.1-3?distro=trixie
purl	pkg:deb/debian/nginx@1.28.1-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.28.1-3%3Fdistro=trixie

url	pkg:deb/debian/nginx@1.30.1-3?distro=trixie
purl	pkg:deb/debian/nginx@1.30.1-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.30.1-3%3Fdistro=trixie

aliases CVE-2026-1642

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5kgu-8trw-zufv

url VCID-cxs8-z482-ufht

vulnerability_id VCID-cxs8-z482-ufht

summary nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32647.json

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32647.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-32647

reference_id

reference_type

scores

value	0.00023
scoring_system	epss
scoring_elements	0.06833
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-32647

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32647
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32647

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2449598
reference_id	2449598
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2449598

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2026-32647
reference_id	CVE-2026-32647
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2026-32647

reference_url

https://my.f5.com/manage/s/article/K000160366

reference_id

K000160366

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:51:04Z/

url

https://my.f5.com/manage/s/article/K000160366

reference_url	https://access.redhat.com/errata/RHSA-2026:10065
reference_id	RHSA-2026:10065
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:10065

reference_url	https://access.redhat.com/errata/RHSA-2026:13634
reference_id	RHSA-2026:13634
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:13634

reference_url	https://access.redhat.com/errata/RHSA-2026:13680
reference_id	RHSA-2026:13680
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:13680

reference_url	https://access.redhat.com/errata/RHSA-2026:13839
reference_id	RHSA-2026:13839
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:13839

reference_url	https://access.redhat.com/errata/RHSA-2026:14836
reference_id	RHSA-2026:14836
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:14836

reference_url	https://access.redhat.com/errata/RHSA-2026:15942
reference_id	RHSA-2026:15942
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:15942

reference_url	https://access.redhat.com/errata/RHSA-2026:15943
reference_id	RHSA-2026:15943
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:15943

reference_url	https://access.redhat.com/errata/RHSA-2026:15945
reference_id	RHSA-2026:15945
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:15945

reference_url	https://access.redhat.com/errata/RHSA-2026:15966
reference_id	RHSA-2026:15966
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:15966

reference_url	https://access.redhat.com/errata/RHSA-2026:6906
reference_id	RHSA-2026:6906
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6906

reference_url	https://access.redhat.com/errata/RHSA-2026:6907
reference_id	RHSA-2026:6907
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6907

reference_url	https://access.redhat.com/errata/RHSA-2026:6923
reference_id	RHSA-2026:6923
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6923

reference_url	https://access.redhat.com/errata/RHSA-2026:7002
reference_id	RHSA-2026:7002
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7002

reference_url	https://access.redhat.com/errata/RHSA-2026:7343
reference_id	RHSA-2026:7343
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7343

reference_url	https://access.redhat.com/errata/RHSA-2026:8346
reference_id	RHSA-2026:8346
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8346

reference_url	https://usn.ubuntu.com/8210-1/
reference_id	USN-8210-1
reference_type
scores
url	https://usn.ubuntu.com/8210-1/

fixed_packages

url pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3?distro=trixie

purl pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kvpj-4273-4khg

vulnerability	VCID-xsdq-5m4c-mqcs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u3%3Fdistro=trixie

url	pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u6?distro=trixie
purl	pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u6%3Fdistro=trixie

url	pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u5?distro=trixie
purl	pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.22.1-9%252Bdeb12u5%3Fdistro=trixie

url pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u6?distro=trixie

purl pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u6?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-422n-2b44-mbh2

vulnerability	VCID-kvpj-4273-4khg

vulnerability	VCID-xsdq-5m4c-mqcs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.22.1-9%252Bdeb12u6%3Fdistro=trixie

url	pkg:deb/debian/nginx@1.26.3-3%2Bdeb13u3?distro=trixie
purl	pkg:deb/debian/nginx@1.26.3-3%2Bdeb13u3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.26.3-3%252Bdeb13u3%3Fdistro=trixie

url pkg:deb/debian/nginx@1.26.3-3%2Bdeb13u4?distro=trixie

purl pkg:deb/debian/nginx@1.26.3-3%2Bdeb13u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-422n-2b44-mbh2

vulnerability	VCID-xsdq-5m4c-mqcs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.26.3-3%252Bdeb13u4%3Fdistro=trixie

url	pkg:deb/debian/nginx@1.28.3-1?distro=trixie
purl	pkg:deb/debian/nginx@1.28.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.28.3-1%3Fdistro=trixie

url	pkg:deb/debian/nginx@1.30.1-3?distro=trixie
purl	pkg:deb/debian/nginx@1.30.1-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.30.1-3%3Fdistro=trixie

aliases CVE-2026-32647

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cxs8-z482-ufht

url VCID-dfzv-bqb6-xkgp

vulnerability_id VCID-dfzv-bqb6-xkgp

summary nginx: ngx_http_charset_module: information disclosure and denial of service

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42934.json

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42934.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-42934

reference_id

reference_type

scores

value	0.00044
scoring_system	epss
scoring_elements	0.13942
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-42934

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42934
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42934

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2477066
reference_id	2477066
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2477066

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2026-42934
reference_id	CVE-2026-42934
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2026-42934

reference_url

https://my.f5.com/manage/s/article/K000161028

reference_id

K000161028

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T15:55:18Z/

url

https://my.f5.com/manage/s/article/K000161028

fixed_packages

url pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3?distro=trixie

purl pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kvpj-4273-4khg

vulnerability	VCID-xsdq-5m4c-mqcs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u3%3Fdistro=trixie

url	pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u6?distro=trixie
purl	pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u6%3Fdistro=trixie

url pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u6?distro=trixie

purl pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u6?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-422n-2b44-mbh2

vulnerability	VCID-kvpj-4273-4khg

vulnerability	VCID-xsdq-5m4c-mqcs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.22.1-9%252Bdeb12u6%3Fdistro=trixie

url	pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u7?distro=trixie
purl	pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u7?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.22.1-9%252Bdeb12u7%3Fdistro=trixie

url pkg:deb/debian/nginx@1.26.3-3%2Bdeb13u4?distro=trixie

purl pkg:deb/debian/nginx@1.26.3-3%2Bdeb13u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-422n-2b44-mbh2

vulnerability	VCID-xsdq-5m4c-mqcs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.26.3-3%252Bdeb13u4%3Fdistro=trixie

url	pkg:deb/debian/nginx@1.26.3-3%2Bdeb13u5?distro=trixie
purl	pkg:deb/debian/nginx@1.26.3-3%2Bdeb13u5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.26.3-3%252Bdeb13u5%3Fdistro=trixie

url	pkg:deb/debian/nginx@1.30.0-4?distro=trixie
purl	pkg:deb/debian/nginx@1.30.0-4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.30.0-4%3Fdistro=trixie

url	pkg:deb/debian/nginx@1.30.1-3?distro=trixie
purl	pkg:deb/debian/nginx@1.30.1-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.30.1-3%3Fdistro=trixie

aliases CVE-2026-42934

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dfzv-bqb6-xkgp

url VCID-fpta-dc5f-pkct

vulnerability_id VCID-fpta-dc5f-pkct

summary NGINX: NGINX: Denial of Service due to memory corruption via crafted MP4 file

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27784.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27784.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-27784

reference_id

reference_type

scores

value	0.00014
scoring_system	epss
scoring_elements	0.02947
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-27784

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27784
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27784

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2450785
reference_id	2450785
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2450785

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2026-27784
reference_id	CVE-2026-27784
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2026-27784

reference_url

https://my.f5.com/manage/s/article/K000160364

reference_id

K000160364

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T03:55:53Z/

url

https://my.f5.com/manage/s/article/K000160364

reference_url	https://access.redhat.com/errata/RHSA-2026:10065
reference_id	RHSA-2026:10065
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:10065

reference_url	https://access.redhat.com/errata/RHSA-2026:13634
reference_id	RHSA-2026:13634
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:13634

reference_url	https://access.redhat.com/errata/RHSA-2026:13680
reference_id	RHSA-2026:13680
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:13680

reference_url	https://access.redhat.com/errata/RHSA-2026:13839
reference_id	RHSA-2026:13839
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:13839

reference_url	https://access.redhat.com/errata/RHSA-2026:14836
reference_id	RHSA-2026:14836
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:14836

reference_url	https://access.redhat.com/errata/RHSA-2026:15942
reference_id	RHSA-2026:15942
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:15942

reference_url	https://access.redhat.com/errata/RHSA-2026:15943
reference_id	RHSA-2026:15943
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:15943

reference_url	https://access.redhat.com/errata/RHSA-2026:15945
reference_id	RHSA-2026:15945
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:15945

reference_url	https://access.redhat.com/errata/RHSA-2026:15966
reference_id	RHSA-2026:15966
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:15966

reference_url	https://access.redhat.com/errata/RHSA-2026:6906
reference_id	RHSA-2026:6906
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6906

reference_url	https://access.redhat.com/errata/RHSA-2026:6907
reference_id	RHSA-2026:6907
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6907

reference_url	https://access.redhat.com/errata/RHSA-2026:6923
reference_id	RHSA-2026:6923
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6923

reference_url	https://access.redhat.com/errata/RHSA-2026:7002
reference_id	RHSA-2026:7002
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7002

reference_url	https://access.redhat.com/errata/RHSA-2026:7343
reference_id	RHSA-2026:7343
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7343

reference_url	https://access.redhat.com/errata/RHSA-2026:8346
reference_id	RHSA-2026:8346
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8346

reference_url	https://usn.ubuntu.com/8210-1/
reference_id	USN-8210-1
reference_type
scores
url	https://usn.ubuntu.com/8210-1/

fixed_packages

url pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3?distro=trixie

purl pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kvpj-4273-4khg

vulnerability	VCID-xsdq-5m4c-mqcs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u3%3Fdistro=trixie

url	pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u6?distro=trixie
purl	pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u6%3Fdistro=trixie

url	pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u5?distro=trixie
purl	pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.22.1-9%252Bdeb12u5%3Fdistro=trixie

url pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u6?distro=trixie

purl pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u6?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-422n-2b44-mbh2

vulnerability	VCID-kvpj-4273-4khg

vulnerability	VCID-xsdq-5m4c-mqcs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.22.1-9%252Bdeb12u6%3Fdistro=trixie

url	pkg:deb/debian/nginx@1.26.3-3%2Bdeb13u3?distro=trixie
purl	pkg:deb/debian/nginx@1.26.3-3%2Bdeb13u3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.26.3-3%252Bdeb13u3%3Fdistro=trixie

url pkg:deb/debian/nginx@1.26.3-3%2Bdeb13u4?distro=trixie

purl pkg:deb/debian/nginx@1.26.3-3%2Bdeb13u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-422n-2b44-mbh2

vulnerability	VCID-xsdq-5m4c-mqcs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.26.3-3%252Bdeb13u4%3Fdistro=trixie

url	pkg:deb/debian/nginx@1.28.3-1?distro=trixie
purl	pkg:deb/debian/nginx@1.28.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.28.3-1%3Fdistro=trixie

url	pkg:deb/debian/nginx@1.30.1-3?distro=trixie
purl	pkg:deb/debian/nginx@1.30.1-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.30.1-3%3Fdistro=trixie

aliases CVE-2026-27784

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fpta-dc5f-pkct

url VCID-gjvm-84ff-3qad

vulnerability_id VCID-gjvm-84ff-3qad

summary NGINX: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27654.json

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27654.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-27654

reference_id

reference_type

scores

value	0.0002
scoring_system	epss
scoring_elements	0.05879
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-27654

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27654
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27654

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2450776
reference_id	2450776
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2450776

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2026-27654
reference_id	CVE-2026-27654
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2026-27654

reference_url

https://my.f5.com/manage/s/article/K000160382

reference_id

K000160382

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:14:50Z/

url

https://my.f5.com/manage/s/article/K000160382

reference_url	https://access.redhat.com/errata/RHSA-2026:10065
reference_id	RHSA-2026:10065
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:10065

reference_url	https://access.redhat.com/errata/RHSA-2026:13634
reference_id	RHSA-2026:13634
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:13634

reference_url	https://access.redhat.com/errata/RHSA-2026:13680
reference_id	RHSA-2026:13680
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:13680

reference_url	https://access.redhat.com/errata/RHSA-2026:13839
reference_id	RHSA-2026:13839
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:13839

reference_url	https://access.redhat.com/errata/RHSA-2026:14836
reference_id	RHSA-2026:14836
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:14836

reference_url	https://access.redhat.com/errata/RHSA-2026:15942
reference_id	RHSA-2026:15942
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:15942

reference_url	https://access.redhat.com/errata/RHSA-2026:15943
reference_id	RHSA-2026:15943
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:15943

reference_url	https://access.redhat.com/errata/RHSA-2026:15945
reference_id	RHSA-2026:15945
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:15945

reference_url	https://access.redhat.com/errata/RHSA-2026:15966
reference_id	RHSA-2026:15966
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:15966

reference_url	https://access.redhat.com/errata/RHSA-2026:6906
reference_id	RHSA-2026:6906
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6906

reference_url	https://access.redhat.com/errata/RHSA-2026:6907
reference_id	RHSA-2026:6907
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6907

reference_url	https://access.redhat.com/errata/RHSA-2026:6923
reference_id	RHSA-2026:6923
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6923

reference_url	https://access.redhat.com/errata/RHSA-2026:7002
reference_id	RHSA-2026:7002
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7002

reference_url	https://access.redhat.com/errata/RHSA-2026:7343
reference_id	RHSA-2026:7343
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7343

reference_url	https://access.redhat.com/errata/RHSA-2026:8346
reference_id	RHSA-2026:8346
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8346

reference_url	https://usn.ubuntu.com/8210-1/
reference_id	USN-8210-1
reference_type
scores
url	https://usn.ubuntu.com/8210-1/

fixed_packages

url pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3?distro=trixie

purl pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kvpj-4273-4khg

vulnerability	VCID-xsdq-5m4c-mqcs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u3%3Fdistro=trixie

url	pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u6?distro=trixie
purl	pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u6%3Fdistro=trixie

url	pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u5?distro=trixie
purl	pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.22.1-9%252Bdeb12u5%3Fdistro=trixie

url pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u6?distro=trixie

purl pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u6?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-422n-2b44-mbh2

vulnerability	VCID-kvpj-4273-4khg

vulnerability	VCID-xsdq-5m4c-mqcs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.22.1-9%252Bdeb12u6%3Fdistro=trixie

url	pkg:deb/debian/nginx@1.26.3-3%2Bdeb13u3?distro=trixie
purl	pkg:deb/debian/nginx@1.26.3-3%2Bdeb13u3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.26.3-3%252Bdeb13u3%3Fdistro=trixie

url pkg:deb/debian/nginx@1.26.3-3%2Bdeb13u4?distro=trixie

purl pkg:deb/debian/nginx@1.26.3-3%2Bdeb13u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-422n-2b44-mbh2

vulnerability	VCID-xsdq-5m4c-mqcs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.26.3-3%252Bdeb13u4%3Fdistro=trixie

url	pkg:deb/debian/nginx@1.28.3-1?distro=trixie
purl	pkg:deb/debian/nginx@1.28.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.28.3-1%3Fdistro=trixie

url	pkg:deb/debian/nginx@1.30.1-3?distro=trixie
purl	pkg:deb/debian/nginx@1.30.1-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.30.1-3%3Fdistro=trixie

aliases CVE-2026-27654

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gjvm-84ff-3qad

url VCID-kn1z-74dk-zyed

vulnerability_id VCID-kn1z-74dk-zyed

summary NGINX: NGINX Plus: NGINX Open Source: NGINX Plus and NGINX Open Source: Request manipulation via header injection in SMTP upstream requests

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28753.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28753.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-28753

reference_id

reference_type

scores

value	0.00029
scoring_system	epss
scoring_elements	0.08898
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-28753

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28753
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28753

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2450780
reference_id	2450780
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2450780

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2026-28753
reference_id	CVE-2026-28753
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2026-28753

reference_url

https://my.f5.com/manage/s/article/K000160367

reference_id

K000160367

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:24:28Z/

url

https://my.f5.com/manage/s/article/K000160367

reference_url	https://access.redhat.com/errata/RHSA-2026:8346
reference_id	RHSA-2026:8346
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8346

reference_url	https://usn.ubuntu.com/8210-1/
reference_id	USN-8210-1
reference_type
scores
url	https://usn.ubuntu.com/8210-1/

fixed_packages

url pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3?distro=trixie

purl pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kvpj-4273-4khg

vulnerability	VCID-xsdq-5m4c-mqcs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u3%3Fdistro=trixie

url	pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u6?distro=trixie
purl	pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u6%3Fdistro=trixie

url	pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u5?distro=trixie
purl	pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.22.1-9%252Bdeb12u5%3Fdistro=trixie

url pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u6?distro=trixie

purl pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u6?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-422n-2b44-mbh2

vulnerability	VCID-kvpj-4273-4khg

vulnerability	VCID-xsdq-5m4c-mqcs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.22.1-9%252Bdeb12u6%3Fdistro=trixie

url	pkg:deb/debian/nginx@1.26.3-3%2Bdeb13u3?distro=trixie
purl	pkg:deb/debian/nginx@1.26.3-3%2Bdeb13u3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.26.3-3%252Bdeb13u3%3Fdistro=trixie

url pkg:deb/debian/nginx@1.26.3-3%2Bdeb13u4?distro=trixie

purl pkg:deb/debian/nginx@1.26.3-3%2Bdeb13u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-422n-2b44-mbh2

vulnerability	VCID-xsdq-5m4c-mqcs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.26.3-3%252Bdeb13u4%3Fdistro=trixie

url	pkg:deb/debian/nginx@1.28.3-1?distro=trixie
purl	pkg:deb/debian/nginx@1.28.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.28.3-1%3Fdistro=trixie

url	pkg:deb/debian/nginx@1.30.1-3?distro=trixie
purl	pkg:deb/debian/nginx@1.30.1-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.30.1-3%3Fdistro=trixie

aliases CVE-2026-28753

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kn1z-74dk-zyed

url VCID-ttbr-yfea-47c5

vulnerability_id VCID-ttbr-yfea-47c5

summary NGINX: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27651.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27651.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-27651

reference_id

reference_type

scores

value	0.00048
scoring_system	epss
scoring_elements	0.15288
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-27651

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27651
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27651

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2450791
reference_id	2450791
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2450791

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2026-27651
reference_id	CVE-2026-27651
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2026-27651

reference_url

https://my.f5.com/manage/s/article/K000160383

reference_id

K000160383

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:02:03Z/

url

https://my.f5.com/manage/s/article/K000160383

reference_url	https://access.redhat.com/errata/RHSA-2026:10065
reference_id	RHSA-2026:10065
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:10065

reference_url	https://access.redhat.com/errata/RHSA-2026:13634
reference_id	RHSA-2026:13634
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:13634

reference_url	https://access.redhat.com/errata/RHSA-2026:13680
reference_id	RHSA-2026:13680
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:13680

reference_url	https://access.redhat.com/errata/RHSA-2026:13839
reference_id	RHSA-2026:13839
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:13839

reference_url	https://access.redhat.com/errata/RHSA-2026:14836
reference_id	RHSA-2026:14836
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:14836

reference_url	https://access.redhat.com/errata/RHSA-2026:15942
reference_id	RHSA-2026:15942
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:15942

reference_url	https://access.redhat.com/errata/RHSA-2026:15943
reference_id	RHSA-2026:15943
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:15943

reference_url	https://access.redhat.com/errata/RHSA-2026:15945
reference_id	RHSA-2026:15945
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:15945

reference_url	https://access.redhat.com/errata/RHSA-2026:15966
reference_id	RHSA-2026:15966
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:15966

reference_url	https://access.redhat.com/errata/RHSA-2026:6906
reference_id	RHSA-2026:6906
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6906

reference_url	https://access.redhat.com/errata/RHSA-2026:6907
reference_id	RHSA-2026:6907
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6907

reference_url	https://access.redhat.com/errata/RHSA-2026:6923
reference_id	RHSA-2026:6923
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6923

reference_url	https://access.redhat.com/errata/RHSA-2026:7002
reference_id	RHSA-2026:7002
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7002

reference_url	https://access.redhat.com/errata/RHSA-2026:7343
reference_id	RHSA-2026:7343
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7343

reference_url	https://access.redhat.com/errata/RHSA-2026:8346
reference_id	RHSA-2026:8346
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8346

reference_url	https://usn.ubuntu.com/8210-1/
reference_id	USN-8210-1
reference_type
scores
url	https://usn.ubuntu.com/8210-1/

fixed_packages

url pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3?distro=trixie

purl pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kvpj-4273-4khg

vulnerability	VCID-xsdq-5m4c-mqcs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u3%3Fdistro=trixie

url	pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u6?distro=trixie
purl	pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u6%3Fdistro=trixie

url	pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u5?distro=trixie
purl	pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.22.1-9%252Bdeb12u5%3Fdistro=trixie

url pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u6?distro=trixie

purl pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u6?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-422n-2b44-mbh2

vulnerability	VCID-kvpj-4273-4khg

vulnerability	VCID-xsdq-5m4c-mqcs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.22.1-9%252Bdeb12u6%3Fdistro=trixie

url	pkg:deb/debian/nginx@1.26.3-3%2Bdeb13u3?distro=trixie
purl	pkg:deb/debian/nginx@1.26.3-3%2Bdeb13u3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.26.3-3%252Bdeb13u3%3Fdistro=trixie

url pkg:deb/debian/nginx@1.26.3-3%2Bdeb13u4?distro=trixie

purl pkg:deb/debian/nginx@1.26.3-3%2Bdeb13u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-422n-2b44-mbh2

vulnerability	VCID-xsdq-5m4c-mqcs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.26.3-3%252Bdeb13u4%3Fdistro=trixie

url	pkg:deb/debian/nginx@1.28.3-1?distro=trixie
purl	pkg:deb/debian/nginx@1.28.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.28.3-1%3Fdistro=trixie

url	pkg:deb/debian/nginx@1.30.1-3?distro=trixie
purl	pkg:deb/debian/nginx@1.30.1-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.30.1-3%3Fdistro=trixie

aliases CVE-2026-27651

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ttbr-yfea-47c5

url VCID-uy9d-zu9s-6yh3

vulnerability_id VCID-uy9d-zu9s-6yh3

summary nginx: NGINX: Arbitrary Code Execution Vulnerability

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42945.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42945.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-42945

reference_id

reference_type

scores

value	0.00897
scoring_system	epss
scoring_elements	0.75963
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-42945

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42945
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42945

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2477116
reference_id	2477116
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2477116

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2026-42945
reference_id	CVE-2026-42945
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2026-42945

reference_url

https://my.f5.com/manage/s/article/K000161019

reference_id

K000161019

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-13T15:55:27Z/

url

https://my.f5.com/manage/s/article/K000161019

reference_url	https://access.redhat.com/errata/RHSA-2026:17417
reference_id	RHSA-2026:17417
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:17417

reference_url	https://access.redhat.com/errata/RHSA-2026:17751
reference_id	RHSA-2026:17751
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:17751

reference_url	https://access.redhat.com/errata/RHSA-2026:17752
reference_id	RHSA-2026:17752
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:17752

reference_url	https://access.redhat.com/errata/RHSA-2026:17753
reference_id	RHSA-2026:17753
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:17753

reference_url	https://access.redhat.com/errata/RHSA-2026:17790
reference_id	RHSA-2026:17790
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:17790

reference_url	https://access.redhat.com/errata/RHSA-2026:17791
reference_id	RHSA-2026:17791
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:17791

reference_url	https://access.redhat.com/errata/RHSA-2026:17792
reference_id	RHSA-2026:17792
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:17792

reference_url	https://access.redhat.com/errata/RHSA-2026:17793
reference_id	RHSA-2026:17793
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:17793

reference_url	https://access.redhat.com/errata/RHSA-2026:17794
reference_id	RHSA-2026:17794
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:17794

reference_url	https://access.redhat.com/errata/RHSA-2026:18029
reference_id	RHSA-2026:18029
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:18029

reference_url	https://access.redhat.com/errata/RHSA-2026:18041
reference_id	RHSA-2026:18041
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:18041

reference_url	https://access.redhat.com/errata/RHSA-2026:18063
reference_id	RHSA-2026:18063
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:18063

reference_url	https://access.redhat.com/errata/RHSA-2026:19159
reference_id	RHSA-2026:19159
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:19159

reference_url	https://access.redhat.com/errata/RHSA-2026:19371
reference_id	RHSA-2026:19371
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:19371

reference_url	https://access.redhat.com/errata/RHSA-2026:19372
reference_id	RHSA-2026:19372
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:19372

reference_url	https://access.redhat.com/errata/RHSA-2026:19374
reference_id	RHSA-2026:19374
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:19374

reference_url	https://access.redhat.com/errata/RHSA-2026:20442
reference_id	RHSA-2026:20442
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:20442

reference_url	https://access.redhat.com/errata/RHSA-2026:20444
reference_id	RHSA-2026:20444
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:20444

reference_url	https://access.redhat.com/errata/RHSA-2026:21275
reference_id	RHSA-2026:21275
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:21275

reference_url	https://usn.ubuntu.com/8271-1/
reference_id	USN-8271-1
reference_type
scores
url	https://usn.ubuntu.com/8271-1/

fixed_packages

url pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3?distro=trixie

purl pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kvpj-4273-4khg

vulnerability	VCID-xsdq-5m4c-mqcs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u3%3Fdistro=trixie

url	pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u6?distro=trixie
purl	pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u6%3Fdistro=trixie

url pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u6?distro=trixie

purl pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u6?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-422n-2b44-mbh2

vulnerability	VCID-kvpj-4273-4khg

vulnerability	VCID-xsdq-5m4c-mqcs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.22.1-9%252Bdeb12u6%3Fdistro=trixie

url	pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u7?distro=trixie
purl	pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u7?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.22.1-9%252Bdeb12u7%3Fdistro=trixie

url pkg:deb/debian/nginx@1.26.3-3%2Bdeb13u4?distro=trixie

purl pkg:deb/debian/nginx@1.26.3-3%2Bdeb13u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-422n-2b44-mbh2

vulnerability	VCID-xsdq-5m4c-mqcs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.26.3-3%252Bdeb13u4%3Fdistro=trixie

url	pkg:deb/debian/nginx@1.26.3-3%2Bdeb13u5?distro=trixie
purl	pkg:deb/debian/nginx@1.26.3-3%2Bdeb13u5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.26.3-3%252Bdeb13u5%3Fdistro=trixie

url	pkg:deb/debian/nginx@1.30.0-3?distro=trixie
purl	pkg:deb/debian/nginx@1.30.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.30.0-3%3Fdistro=trixie

url	pkg:deb/debian/nginx@1.30.1-3?distro=trixie
purl	pkg:deb/debian/nginx@1.30.1-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.30.1-3%3Fdistro=trixie

aliases CVE-2026-42945

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uy9d-zu9s-6yh3

url VCID-wc2b-cb7d-ekbq

vulnerability_id VCID-wc2b-cb7d-ekbq

summary nginx: ngx_http_ssl_module: data corruption and denial of service

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40701.json

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40701.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-40701

reference_id

reference_type

scores

value	0.00044
scoring_system	epss
scoring_elements	0.13942
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-40701

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40701
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40701

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2477076
reference_id	2477076
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2477076

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2026-40701
reference_id	CVE-2026-40701
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2026-40701

reference_url

https://my.f5.com/manage/s/article/K000161021

reference_id

K000161021

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T15:55:34Z/

url

https://my.f5.com/manage/s/article/K000161021

fixed_packages

url pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3?distro=trixie

purl pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kvpj-4273-4khg

vulnerability	VCID-xsdq-5m4c-mqcs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u3%3Fdistro=trixie

url	pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u6?distro=trixie
purl	pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u6%3Fdistro=trixie

url pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u6?distro=trixie

purl pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u6?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-422n-2b44-mbh2

vulnerability	VCID-kvpj-4273-4khg

vulnerability	VCID-xsdq-5m4c-mqcs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.22.1-9%252Bdeb12u6%3Fdistro=trixie

url	pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u7?distro=trixie
purl	pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u7?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.22.1-9%252Bdeb12u7%3Fdistro=trixie

url pkg:deb/debian/nginx@1.26.3-3%2Bdeb13u4?distro=trixie

purl pkg:deb/debian/nginx@1.26.3-3%2Bdeb13u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-422n-2b44-mbh2

vulnerability	VCID-xsdq-5m4c-mqcs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.26.3-3%252Bdeb13u4%3Fdistro=trixie

url	pkg:deb/debian/nginx@1.26.3-3%2Bdeb13u5?distro=trixie
purl	pkg:deb/debian/nginx@1.26.3-3%2Bdeb13u5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.26.3-3%252Bdeb13u5%3Fdistro=trixie

url	pkg:deb/debian/nginx@1.30.0-4?distro=trixie
purl	pkg:deb/debian/nginx@1.30.0-4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.30.0-4%3Fdistro=trixie

url	pkg:deb/debian/nginx@1.30.1-3?distro=trixie
purl	pkg:deb/debian/nginx@1.30.1-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.30.1-3%3Fdistro=trixie

aliases CVE-2026-40701

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wc2b-cb7d-ekbq

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u6%3Fdistro=trixie

Package Instance