{"error":0,"message":null,"data":{"nginx":"1.22","name":"nginx 1.22","status":"d","date_start":"2022-05-24","date_end":"2023-04-11","vulnerability":[{"uuid":"05a6e624d61a67d079da3337e90c2e1a222731a9b6da6b9695883ec84efac5d8","name":"nginx 1.22 < 1.22.1","operator":{"min_version":null,"min_operator":null,"max_version":"1.22.1","max_operator":"lt","unfixed":0},"source":[{"id":"CVE-2022-41741","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2022-41741","description":"[en] NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its termination or potential other impact using a specially crafted audio or video file. The issue affects only NGINX products that are built with the ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module.","date":"2022-10-19"}],"impact":{"cvss3":{"version":"3.1","vector":"CVSS:3.1\/AV:L\/AC:H\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H","score":"7.0","severity":"high","av":"local","ac":"high","pr":"low","ui":"none","s":"unchanged","c":"high","i":"high","a":"high","exploitable":null,"impact":null},"kev":false,"cwe":[{"cwe":"CWE-787","name":"Out-of-bounds Write","description":"The product writes data past the end, or before the beginning, of the intended buffer."}]}},{"uuid":"8280bdef4199898aa0c2c39ce237d2c214aa1469f3dee0913168f38f4b93fc7c","name":"nginx 1.22 < 1.22.1","operator":{"min_version":null,"min_operator":null,"max_version":"1.22.1","max_operator":"lt","unfixed":0},"source":[{"id":"CVE-2022-41742","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2022-41742","description":"[en] NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted audio or video file. The issue affects only NGINX products that are built with the module ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module.","date":"2022-10-19"}],"impact":{"cvss3":{"version":"3.1","vector":"CVSS:3.1\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:N\/A:H","score":"7.1","severity":"high","av":"local","ac":"low","pr":"low","ui":"none","s":"unchanged","c":"high","i":"none","a":"high","exploitable":null,"impact":null},"kev":false,"cwe":[{"cwe":"CWE-787","name":"Out-of-bounds Write","description":"The product writes data past the end, or before the beginning, of the intended buffer."}]}},{"uuid":"acc1268e73c12745fd72a9fc5294219bdf7f29c9cc99b088ae5e366d6119099d","name":"nginx 1.22 <= 1.22.1 (unfixed)","operator":{"min_version":null,"min_operator":null,"max_version":"1.22.1","max_operator":"le","unfixed":1},"source":[{"id":"CVE-2023-44487","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2023-44487","description":"[en] The HTTP\/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.","date":"2023-10-10"}],"impact":{"cvss3":{"version":"3.1","vector":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H","score":"7.5","severity":"high","av":"network","ac":"low","pr":"none","ui":"none","s":"unchanged","c":"none","i":"none","a":"high","exploitable":null,"impact":null},"kev":true,"cwe":[{"cwe":"CWE-400","name":"Uncontrolled Resource Consumption","description":"The product does not properly control the allocation and maintenance of a limited resource."}]}},{"uuid":"93715f9f5722f93eb5cb080574533b7c34ae313d4764b12cb86ea0039b87fdef","name":"nginx 1.22 <= 1.22.1 (unfixed)","operator":{"min_version":null,"min_operator":null,"max_version":"1.22.1","max_operator":"le","unfixed":1},"source":[{"id":"CVE-2024-7347","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2024-7347","description":"[en] NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted mp4 file with the ngx_http_mp4_module.\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.","date":"2024-08-14"}],"impact":{"cvss3":{"version":"3.1","vector":"CVSS:3.1\/AV:L\/AC:H\/PR:L\/UI:N\/S:U\/C:N\/I:N\/A:H","score":"4.7","severity":"medium","av":"local","ac":"high","pr":"low","ui":"none","s":"unchanged","c":"none","i":"none","a":"high","exploitable":null,"impact":null},"kev":false,"cwe":[{"cwe":"CWE-125","name":"Out-of-bounds Read","description":"The product reads data past the end, or before the beginning, of the intended buffer."},{"cwe":"CWE-126","name":"Buffer Over-read","description":"The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer."}]}},{"uuid":"9a0d62368298dfab3ab01cc0cb5b9eb8dba06e6561e18a3987af9fa68eea20f6","name":"nginx 1.22 <= 1.22.1 (unfixed)","operator":{"min_version":null,"min_operator":null,"max_version":"1.22.1","max_operator":"le","unfixed":1},"source":[{"id":"CVE-2025-23419","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2025-23419","description":"[en] When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when  TLS Session Tickets https:\/\/nginx.org\/en\/docs\/http\/ngx_http_ssl_module.html#ssl_session_ticket_key  are used and\/or the  SSL session cache https:\/\/nginx.org\/en\/docs\/http\/ngx_http_ssl_module.html#ssl_session_cache  are used in the default server and the default server is performing client certificate authentication.\u00a0\u00a0\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.","date":"2025-02-05"}],"impact":{"cvss3":{"version":"3.1","vector":"CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:N","score":"4.3","severity":"medium","av":"network","ac":"low","pr":"low","ui":"none","s":"unchanged","c":"low","i":"none","a":"none","exploitable":null,"impact":null},"kev":false,"cwe":[{"cwe":"CWE-287","name":"Improper Authentication","description":"When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct."},{"cwe":"CWE-863","name":"Incorrect Authorization","description":"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check."}]}},{"uuid":"dac87df91bdb66e6baf4d6728e470652cf3ea19388a1156f232d0226e59e8bc5","name":"nginx 1.22 <= 1.22.1 (unfixed)","operator":{"min_version":null,"min_operator":null,"max_version":"1.22.1","max_operator":"le","unfixed":1},"source":[{"id":"CVE-2025-53859","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2025-53859","description":"[en] NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happens during the NGINX SMTP authentication process and requires the attacker to make preparations against the target system to extract the leaked data. The issue affects NGINX only if (1) it is built with the ngx_mail_smtp_module, (2) the smtp_auth directive is configured with method \"none,\" and (3) the authentication server returns the \"Auth-Wait\" response header.\n\n\n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.","date":"2025-08-13"}],"impact":{"cvss3":{"version":"3.1","vector":"CVSS:3.1\/AV:N\/AC:H\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:N","score":"3.7","severity":"low","av":"network","ac":"high","pr":"none","ui":"none","s":"unchanged","c":"low","i":"none","a":"none","exploitable":null,"impact":null},"kev":false,"cwe":[{"cwe":"CWE-125","name":"Out-of-bounds Read","description":"The product reads data past the end, or before the beginning, of the intended buffer."}]}},{"uuid":"6497fdcb8e33c4d138192c463948708885ec0906b225cf5c4afb90317a30b5c0","name":"nginx 1.22 <= 1.22.1 (unfixed)","operator":{"min_version":null,"min_operator":null,"max_version":"1.22.1","max_operator":"le","unfixed":1},"source":[{"id":"CVE-2026-1642","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2026-1642","description":"A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-middle (MITM) position on the upstream server side\u2014along with conditions beyond the attacker's control\u2014may be able to inject plain text data into the response from an upstream proxied server.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.","date":"2026-02-04"}],"impact":{"cvss3":{"version":"3.1","vector":"CVSS:3.1\/AV:N\/AC:H\/PR:N\/UI:N\/S:U\/C:N\/I:H\/A:N","score":"5.9","severity":"medium","av":"network","ac":"high","pr":"none","ui":"none","s":"unchanged","c":"none","i":"high","a":"none","exploitable":null,"impact":null},"kev":false,"cwe":[{"cwe":"CWE-345","name":"Insufficient Verification of Data Authenticity","description":"The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data."},{"cwe":"CWE-349","name":"Acceptance of Extraneous Untrusted Data With Trusted Data","description":"The product, when processing trusted data, accepts any untrusted data that is also included with the trusted data, treating the untrusted data as if it were trusted."}]}},{"uuid":"9828c7bb393612107e0b258f04e5eec544517818e02f3d4d351951e87c8443bc","name":"nginx 1.22 <= 1.22.1 (unfixed)","operator":{"min_version":null,"min_operator":null,"max_version":"1.22.1","max_operator":"le","unfixed":1},"source":[{"id":"CVE-2026-27651","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2026-27651","description":"[en] When the ngx_mail_auth_http_module\u00a0module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when (1) CRAM-MD5 or APOP authentication is enabled, and (2) the authentication server permits retry by returning the Auth-Wait response header. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.","date":"2026-03-24"}],"impact":{"cvss3":{"version":"3.1","vector":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H","score":"7.5","severity":"high","av":"network","ac":"low","pr":"none","ui":"none","s":"unchanged","c":"none","i":"none","a":"high","exploitable":null,"impact":null},"kev":false,"cwe":[{"cwe":"CWE-476","name":"NULL Pointer Dereference","description":"The product dereferences a pointer that it expects to be valid but is NULL."}]}},{"uuid":"095b5a76f639fa7c6a679c333465daf3cd19696388e1560589c04b693ae2bdaa","name":"nginx 1.22 <= 1.22.1 (unfixed)","operator":{"min_version":null,"min_operator":null,"max_version":"1.22.1","max_operator":"le","unfixed":1},"source":[{"id":"CVE-2026-27654","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2026-27654","description":"[en] NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_dav_module module that might allow an attacker to trigger a buffer overflow to the NGINX worker process; this vulnerability may result in termination of the NGINX worker process or modification of source or destination file names outside the document root. This issue affects NGINX Open Source and NGINX Plus when the configuration file uses DAV module MOVE or COPY methods, prefix location (nonregular expression location configuration), and alias directives. The integrity impact is constrained because the NGINX worker process user has low privileges and does not have access to the entire system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.","date":"2026-03-24"}],"impact":{"cvss3":{"version":"3.1","vector":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:L\/A:H","score":"8.2","severity":"high","av":"network","ac":"low","pr":"none","ui":"none","s":"unchanged","c":"none","i":"low","a":"high","exploitable":null,"impact":null},"kev":false,"cwe":[{"cwe":"CWE-120","name":"Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')","description":"The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer."},{"cwe":"CWE-122","name":"Heap-based Buffer Overflow","description":"A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc()."}]}},{"uuid":"c4698f85f9e63e3abca3f54e500d3b75896adb193d8d1108f4a7c53cecd4cb9a","name":"nginx 1.22 <= 1.22.1 (unfixed)","operator":{"min_version":null,"min_operator":null,"max_version":"1.22.1","max_operator":"le","unfixed":1},"source":[{"id":"CVE-2026-27784","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2026-27784","description":"[en] The 32-bit implementation of NGINX Open Source has a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to over-read or over-write NGINX worker memory resulting in its termination, using a specially crafted MP4 file. The issue only affects 32-bit NGINX Open Source if it is built with the ngx_http_mp4_module module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted MP4 file with the ngx_http_mp4_module module. \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.","date":"2026-03-24"}],"impact":{"cvss3":{"version":"3.1","vector":"CVSS:3.1\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H","score":"7.8","severity":"high","av":"local","ac":"low","pr":"low","ui":"none","s":"unchanged","c":"high","i":"high","a":"high","exploitable":null,"impact":null},"kev":false,"cwe":[{"cwe":"CWE-190","name":"Integer Overflow or Wraparound","description":"The product performs a calculation that can\n         produce an integer overflow or wraparound when the logic\n         assumes that the resulting value will always be larger than\n         the original value. This occurs when an integer value is\n         incremented to a value that is too large to store in the\n         associated representation. When this occurs, the value may\n         become a very small or negative number."}]}},{"uuid":"3fdd6f6e7774b4a94d1d7bc641784213c4748da762ea40de40fea3c6de7ad6b5","name":"nginx 1.22 <= 1.22.1 (unfixed)","operator":{"min_version":null,"min_operator":null,"max_version":"1.22.1","max_operator":"le","unfixed":1},"source":[{"id":"CVE-2026-28753","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2026-28753","description":"[en] NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_smtp_module module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to potential request manipulation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.","date":"2026-03-24"}],"impact":{"cvss3":{"version":"3.1","vector":"CVSS:3.1\/AV:N\/AC:H\/PR:N\/UI:N\/S:U\/C:N\/I:L\/A:N","score":"3.7","severity":"low","av":"network","ac":"high","pr":"none","ui":"none","s":"unchanged","c":"none","i":"low","a":"none","exploitable":null,"impact":null},"kev":false,"cwe":[{"cwe":"CWE-93","name":"Improper Neutralization of CRLF Sequences ('CRLF Injection')","description":"The product uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs."}]}},{"uuid":"b8ecf7ca106c7e606bfd11b49b7c6150c951b96bac48f2e99a5db2cd282464d0","name":"nginx 1.22 <= 1.22.1 (unfixed)","operator":{"min_version":null,"min_operator":null,"max_version":"1.22.1","max_operator":"le","unfixed":1},"source":[{"id":"CVE-2026-32647","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2026-32647","description":"[en] NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to trigger a buffer over-read or over-write to the NGINX worker memory resulting in its termination or possibly code execution, using a specially crafted MP4 file. This issue affects NGINX Open Source and NGINX Plus if it is built with the ngx_http_mp4_module module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted MP4 file with the ngx_http_mp4_module module. \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.","date":"2026-03-24"}],"impact":{"cvss3":{"version":"3.1","vector":"CVSS:3.1\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H","score":"7.8","severity":"high","av":"local","ac":"low","pr":"low","ui":"none","s":"unchanged","c":"high","i":"high","a":"high","exploitable":null,"impact":null},"kev":false,"cwe":[{"cwe":"CWE-125","name":"Out-of-bounds Read","description":"The product reads data past the end, or before the beginning, of the intended buffer."}]}},{"uuid":"ad085172cac431e44757232497d02c44bb23b0a573aa27c135c812b3933be4ee","name":"nginx 1.22 <= 1.22.1 (unfixed)","operator":{"min_version":null,"min_operator":null,"max_version":"1.22.1","max_operator":"le","unfixed":1},"source":[{"id":"CVE-2026-42946","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2026-42946","description":"[en] A vulnerability exists in the ngx_http_scgi_module\u00a0and ngx_http_uwsgi_module\u00a0modules that may result in excessive memory allocation or an over-read of data. When scgi_pass\u00a0or uwsgi_pass\u00a0is configured, an unauthenticated attacker with man-in-the-middle (MITM) ability to control responses from an upstream server may be able to read the memory of the NGINX worker process or restart it.\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.","date":"2026-05-13"}],"impact":{"cvss3":{"version":"3.1","vector":"CVSS:3.1\/AV:N\/AC:H\/PR:N\/UI:N\/S:U\/C:H\/I:N\/A:L","score":"6.5","severity":"medium","av":"network","ac":"high","pr":"none","ui":"none","s":"unchanged","c":"high","i":"none","a":"low","exploitable":null,"impact":null},"kev":false,"cwe":[{"cwe":"CWE-789","name":"Memory Allocation with Excessive Size Value","description":"The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated."},{"cwe":"CWE-823","name":"Use of Out-of-range Pointer Offset","description":"The product performs pointer arithmetic on a valid pointer, but it uses an offset that can point outside of the intended range of valid memory locations for the resulting pointer."}]}},{"uuid":"1620862173bfe00170d67bc3232d6b4e17fbec5876240531fdebb0964c462e55","name":"nginx 1.22 <= 1.22.1 (unfixed)","operator":{"min_version":null,"min_operator":null,"max_version":"1.22.1","max_operator":"le","unfixed":1},"source":[{"id":"CVE-2026-40701","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2026-40701","description":"[en] NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ssl_module\u00a0module when the ssl_verify_client\u00a0directive is set to \"on\" or \"optional,\" and the ssl_ocsp\u00a0directive is set to \"on\" or the leaf\u00a0parameters are configured with a resolver. With this configuration, an unauthenticated attacker can send requests along with conditions beyond its control that may cause a heap-use-after-free error in the NGINX worker process. This vulnerability may result in limited modification of data or the NGINX worker process restarting.\n\n\n\n\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.","date":"2026-05-13"}],"impact":{"cvss3":{"version":"3.1","vector":"CVSS:3.1\/AV:N\/AC:H\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:L","score":"4.8","severity":"medium","av":"network","ac":"high","pr":"none","ui":"none","s":"unchanged","c":"low","i":"none","a":"low","exploitable":null,"impact":null},"kev":false,"cwe":[{"cwe":"CWE-416","name":"Use After Free","description":"The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory \"belongs\" to the code that operates on the new pointer."}]}},{"uuid":"f6de7f454de08fb88eaa9be1c26bf78c7e0f10881072f956e7862ca32717f2ac","name":"nginx 1.22 <= 1.22.1 (unfixed)","operator":{"min_version":null,"min_operator":null,"max_version":"1.22.1","max_operator":"le","unfixed":1},"source":[{"id":"CVE-2026-42934","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2026-42934","description":"[en] NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When charset, source_charset, and charset_map\u00a0and proxy_pass\u00a0with disabled buffering (\"off\") directives are configured, unauthenticated attackers can send requests that with conditions beyond the attackers' control to cause a heap buffer over-read in the NGINX worker process, leading to limited disclosure of memory or a restart.\n\n\n\n\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.","date":"2026-05-13"}],"impact":{"cvss3":{"version":"3.1","vector":"CVSS:3.1\/AV:N\/AC:H\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:L","score":"4.8","severity":"medium","av":"network","ac":"high","pr":"none","ui":"none","s":"unchanged","c":"low","i":"none","a":"low","exploitable":null,"impact":null},"kev":false,"cwe":[{"cwe":"CWE-125","name":"Out-of-bounds Read","description":"The product reads data past the end, or before the beginning, of the intended buffer."},{"cwe":"CWE-126","name":"Buffer Over-read","description":"The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer."}]}}]},"updated":1780874438}