Количество 5
Количество 5
CVE-2026-28753
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_smtp_module module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to potential request manipulation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2026-28753
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_smtp_module module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to potential request manipulation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2026-28753
NGINX ngx_mail_proxy_module vulnerability
CVE-2026-28753
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_ ...
GHSA-ggr6-fmr8-2m8g
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_smtp_module module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to potential request manipulation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2026-28753 NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_smtp_module module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to potential request manipulation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | CVSS3: 3.7 | 0% Низкий | 7 дней назад |
 | CVE-2026-28753 NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_smtp_module module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to potential request manipulation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | CVSS3: 3.7 | 0% Низкий | 7 дней назад |
 | CVE-2026-28753 NGINX ngx_mail_proxy_module vulnerability | CVSS3: 3.7 | 0% Низкий | 5 дней назад |
| CVE-2026-28753 NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_ ... | CVSS3: 3.7 | 0% Низкий | 7 дней назад |
| GHSA-ggr6-fmr8-2m8g NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_smtp_module module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to potential request manipulation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | CVSS3: 3.7 | 0% Низкий | 7 дней назад |
Уязвимостей на страницу