{"id":"CVE-2026-27784","details":"The 32-bit implementation of NGINX Open Source has a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to over-read or over-write NGINX worker memory resulting in its termination, using a specially crafted MP4 file. The issue only affects 32-bit NGINX Open Source if it is built with the ngx_http_mp4_module module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted MP4 file with the ngx_http_mp4_module module. \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.","aliases":["BIT-nginx-2026-27784","BIT-nginx-gateway-2026-27784"],"modified":"2026-06-18T03:57:19.061049897Z","published":"2026-03-24T15:16:33.350Z","related":["ALSA-2026:6906","ALSA-2026:6907","ALSA-2026:6923","ALSA-2026:7002","ALSA-2026:7343","SUSE-SU-2026:1761-1","SUSE-SU-2026:1953-1","SUSE-SU-2026:21823-1","openSUSE-SU-2026:10423-1","openSUSE-SU-2026:20784-1"],"database_specific":{},"references":[{"type":"ADVISORY","url":"https://my.f5.com/manage/s/article/K000160364"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/nginx/nginx","events":[{"introduced":"40616fa048ea1245b076b9530547cdb097867814"},{"fixed":"9b958b000776c88036cd800c66e7e4ad39e6fd41"},{"introduced":"235f409907fd60eb2d8f6ecdc0e5cb163dd6d45f"},{"fixed":"5ac6f49371f9fcdf21ca4b4fd2a8657576f0885b"}],"database_specific":{"extracted_events":[{"introduced":"1.1.19"},{"fixed":"1.28.3"},{"introduced":"1.29.0"},{"fixed":"1.29.7"}],"source":"CPE_RANGE","cpe":"cpe:2.3:a:f5:nginx_open_source:*:*:*:*:*:*:*:*"}}],"versions":["release-1.28.2","release-1.29.6","release-1.29.5","release-1.28.1","release-1.28.0","release-1.29.4","release-1.29.3","release-1.29.2","release-1.29.1","release-1.29.0","release-1.27.5","release-1.27.4","release-1.27.3","release-1.27.2","release-1.27.1","release-1.27.0","release-1.25.5","release-1.25.4","release-1.25.3","release-1.25.2","release-1.25.1","release-1.25.0","release-1.23.4","release-1.23.3","release-1.23.2","release-1.23.1","release-1.23.0","release-1.21.6","release-1.21.5","release-1.21.4","release-1.21.3","release-1.21.2","release-1.21.1","release-1.21.0","release-1.19.10","release-1.19.9","release-1.19.8","release-1.19.7","release-1.19.6","release-1.19.5","release-1.19.4","release-1.19.3","release-1.19.2","release-1.19.1","release-1.19.0","release-1.17.10","release-1.17.9","release-1.17.8","release-1.17.7","release-1.17.6","release-1.17.5","release-1.17.4","release-1.17.3","release-1.17.2","release-1.17.1","release-1.17.0","release-1.15.12","release-1.15.11","release-1.15.10","release-1.15.9","release-1.15.8","release-1.15.7","release-1.15.6","release-1.15.5","release-1.15.4","release-1.15.3","release-1.15.2","release-1.15.1","release-1.15.0","release-1.13.12","release-1.13.11","release-1.13.10","release-1.13.9","release-1.13.8","release-1.13.7","release-1.13.6","release-1.13.5","release-1.13.4","release-1.13.3","release-1.13.2","release-1.13.1","release-1.13.0","release-1.11.13","release-1.11.12","release-1.11.11","release-1.11.10","release-1.11.9","release-1.11.8","release-1.11.7","release-1.11.6","release-1.11.5","release-1.11.4","release-1.11.3","release-1.11.2","release-1.11.1","release-1.11.0","release-1.9.15","release-1.9.14","release-1.9.13","release-1.9.12","release-1.9.11","release-1.9.10","release-1.9.9","release-1.9.8","release-1.9.7","release-1.9.6","release-1.9.5","release-1.9.4","release-1.9.3","release-1.9.2","release-1.9.1","release-1.9.0","release-1.7.12","release-1.7.11","release-1.7.10","release-1.7.9","release-1.7.8","release-1.7.7","release-1.7.6","release-1.7.5","release-1.7.4","release-1.7.3","release-1.7.2","release-1.7.1","release-1.7.0","release-1.5.13","release-1.5.12","release-1.5.11","release-1.5.10","release-1.5.9","release-1.5.8","release-1.5.7","release-1.5.6","release-1.5.5","release-1.5.4","release-1.5.3","release-1.5.2","release-1.5.1","release-1.5.0","release-1.4.0","release-1.3.16","release-1.3.15","release-1.3.14","release-1.3.13","release-1.3.12","release-1.3.11","release-1.3.10","release-1.3.9","release-1.3.8","release-1.3.7","release-1.3.6","release-1.3.5","release-1.3.4","release-1.3.3","release-1.3.2","release-1.3.1","release-1.3.0","release-1.2.0","release-1.1.19"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-27784.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}