NGINX ngx_mail_auth_http_module causes worker process crash
CVE-2026-27651 Published on March 24, 2026
NGINX ngx_mail_auth_http_module vulnerability
When the ngx_mail_auth_http_module module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when (1) CRAM-MD5 or APOP authentication is enabled, and (2) the authentication server permits retry by returning the Auth-Wait response header. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Vulnerability Analysis
CVE-2026-27651 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Weakness Type
NULL Pointer Dereference
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. NULL pointer dereference issues can occur through a number of flaws, including race conditions, and simple programming omissions.
Products Associated with CVE-2026-27651
stack.watch emails you whenever new vulnerabilities are published in F5 Networks Nginx Open Source or F5 Networks Nginx Plus. Just hit a watch button to start following.
Affected Versions
F5 NGINX Open Source:- Version 1.29.0 and below 1.29.7 is affected.
- Version 0.5.15 and below 1.28.3 is affected.
- Version R36 and below R36 P3 is affected.
- Version R35 and below R35 P2 is affected.
- Version R34 and below * is affected.
- Version R33 and below * is affected.
- Version R32 and below R32 P5 is affected.