{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-27651", "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "state": "PUBLISHED", "assignerShortName": "f5", "dateReserved": "2026-03-18T16:06:38.454Z", "datePublished": "2026-03-24T14:13:27.295Z", "dateUpdated": "2026-03-24T15:14:13.220Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "shortName": "f5", "dateUpdated": "2026-03-24T14:22:35.756Z"}, "title": "NGINX ngx_mail_auth_http_module vulnerability", "datePublic": "2026-03-24T14:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference", "type": "CWE"}]}], "affected": [{"vendor": "F5", "product": "NGINX Open Source", "modules": ["ngx_mail_auth_http_module"], "versions": [{"status": "affected", "version": "1.29.0", "lessThan": "1.29.7", "versionType": "semver"}, {"status": "affected", "version": "0.5.15", "lessThan": "1.28.3", "versionType": "semver"}], "defaultStatus": "unknown"}, {"vendor": "F5", "product": "NGINX Plus", "modules": ["ngx_mail_auth_http_module"], "versions": [{"status": "affected", "version": "R36", "lessThan": "R36 P3", "versionType": "custom"}, {"status": "affected", "version": "R35", "lessThan": "R35 P2", "versionType": "custom"}, {"status": "affected", "version": "R34", "lessThan": "*", "versionType": "custom"}, {"status": "affected", "version": "R33", "lessThan": "*", "versionType": "custom"}, {"status": "affected", "version": "R32", "lessThan": "R32 P5", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "When the ngx_mail_auth_http_module\u00a0module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when (1) CRAM-MD5 or APOP authentication is enabled, and (2) the authentication server permits retry by returning the Auth-Wait response header. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<span style=\"background-color: rgb(255, 255, 255);\">When the </span><strong>ngx_mail_auth_http_module</strong><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when (1) CRAM-MD5 or APOP authentication is enabled, and (2) the authentication server permits retry by returning the Auth-Wait response header.</span> Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."}]}], "references": [{"url": "https://my.f5.com/manage/s/article/K000160383", "tags": ["vendor-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}}, {"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"version": "4.0", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "baseSeverity": "HIGH", "baseScore": 8.7, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"}}], "credits": [{"lang": "en", "value": "F5 acknowledges Arkadi Vainbrand for bringing this issue to our attention and following the highest standards of coordinated disclosure.", "type": "reporter"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "F5 SIRTBot v1.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-24T15:02:03.137056Z", "id": "CVE-2026-27651", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T15:14:13.220Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-27651", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-24T15:02:03.137056Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T15:14:09.900Z"}}], "cna": {"title": "NGINX ngx_mail_auth_http_module vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "reporter", "value": "F5 acknowledges Arkadi Vainbrand for bringing this issue to our attention and following the highest standards of coordinated disclosure."}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "F5", "modules": ["ngx_mail_auth_http_module"], "product": "NGINX Open Source", "versions": [{"status": "affected", "version": "1.29.0", "lessThan": "1.29.7", "versionType": "semver"}, {"status": "affected", "version": "0.5.15", "lessThan": "1.28.3", "versionType": "semver"}], "defaultStatus": "unknown"}, {"vendor": "F5", "modules": ["ngx_mail_auth_http_module"], "product": "NGINX Plus", "versions": [{"status": "affected", "version": "R36", "lessThan": "R36 P3", "versionType": "custom"}, {"status": "affected", "version": "R35", "lessThan": "R35 P2", "versionType": "custom"}, {"status": "affected", "version": "R34", "lessThan": "*", "versionType": "custom"}, {"status": "affected", "version": "R33", "lessThan": "*", "versionType": "custom"}, {"status": "affected", "version": "R32", "lessThan": "R32 P5", "versionType": "custom"}], "defaultStatus": "unaffected"}], "datePublic": "2026-03-24T14:00:00.000Z", "references": [{"url": "https://my.f5.com/manage/s/article/K000160383", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "F5 SIRTBot v1.0"}, "descriptions": [{"lang": "en", "value": "When the ngx_mail_auth_http_module\u00a0module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when (1) CRAM-MD5 or APOP authentication is enabled, and (2) the authentication server permits retry by returning the Auth-Wait response header. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">When the </span><strong>ngx_mail_auth_http_module</strong><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when (1) CRAM-MD5 or APOP authentication is enabled, and (2) the authentication server permits retry by returning the Auth-Wait response header.</span> Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference"}]}], "providerMetadata": {"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "shortName": "f5", "dateUpdated": "2026-03-24T14:22:35.756Z"}}}, "cveMetadata": {"cveId": "CVE-2026-27651", "state": "PUBLISHED", "dateUpdated": "2026-03-24T15:14:13.220Z", "dateReserved": "2026-03-18T16:06:38.454Z", "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "datePublished": "2026-03-24T14:13:27.295Z", "assignerShortName": "f5"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:nginx_open_source:*:*:*:*:*:*:*:*", "matchCriteriaId": "89573E06-4D65-4D4A-B9CD-7FD8AF637342", "versionEndIncluding": "0.9.7", "versionStartIncluding": "0.5.15", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:nginx_open_source:*:*:*:*:*:*:*:*", "matchCriteriaId": "0E8049B1-4C36-4711-BB99-2721CF67FF81", "versionEndExcluding": "1.28.3", "versionStartIncluding": "1.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:nginx_open_source:*:*:*:*:*:*:*:*", "matchCriteriaId": "C0EFE28B-E8E5-464E-B407-96436CA87C8E", "versionEndExcluding": "1.29.7", "versionStartIncluding": "1.29.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:*", "matchCriteriaId": "E7600A88-7651-4D8E-A04A-3AA81C850CC5", "versionEndExcluding": "r35", "versionStartIncluding": "r33", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:nginx_plus:r32:-:*:*:*:*:*:*", "matchCriteriaId": "36C4308E-651E-437C-84E7-10C542E3ADC2", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:nginx_plus:r32:p1:*:*:*:*:*:*", "matchCriteriaId": "FA913184-EAAD-409E-99C6-AB979DAA93F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:nginx_plus:r32:p2:*:*:*:*:*:*", "matchCriteriaId": "782DF180-1101-4D6A-A1D7-8DADBAF6D9D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:nginx_plus:r32:p3:*:*:*:*:*:*", "matchCriteriaId": "FB0B11F2-4748-492B-9906-F8C4C5EAFF12", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:nginx_plus:r32:p4:*:*:*:*:*:*", "matchCriteriaId": "86B53968-1CCA-4CF3-8454-BB92EF64D10E", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:nginx_plus:r35:-:*:*:*:*:*:*", "matchCriteriaId": "5D5FFD66-35C3-41AD-BD77-510E34A3AC6F", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:nginx_plus:r35:p1:*:*:*:*:*:*", "matchCriteriaId": "4958360C-7993-4C82-8685-202D4940CE01", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:nginx_plus:r36:-:*:*:*:*:*:*", "matchCriteriaId": "E7E5F940-048A-446F-9A1E-074612CEA1AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:nginx_plus:r36:p1:*:*:*:*:*:*", "matchCriteriaId": "7993A0FB-BE7E-4634-BF7F-FDEE3582D3E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:nginx_plus:r36:p2:*:*:*:*:*:*", "matchCriteriaId": "862EA47E-8D57-434E-9C8F-238325FB85B2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "When the ngx_mail_auth_http_module\u00a0module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when (1) CRAM-MD5 or APOP authentication is enabled, and (2) the authentication server permits retry by returning the Auth-Wait response header. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."}, {"lang": "es", "value": "Cuando el m\u00f3dulo ngx_mail_auth_http_module est\u00e1 habilitado en NGINX Plus o NGINX Open Source, las solicitudes no reveladas pueden causar la terminaci\u00f3n de los procesos de trabajador. Este problema puede ocurrir cuando (1) la autenticaci\u00f3n CRAM-MD5 o APOP est\u00e1 habilitada, y (2) el servidor de autenticaci\u00f3n permite reintentar al devolver el encabezado de respuesta Auth-Wait. Nota: Las versiones de software que han alcanzado el Fin del Soporte T\u00e9cnico (EoTS) no son evaluadas."}], "id": "CVE-2026-27651", "lastModified": "2026-03-30T14:02:05.790", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "f5sirt@f5.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "f5sirt@f5.com", "type": "Secondary"}]}, "published": "2026-03-24T15:16:32.910", "references": [{"source": "f5sirt@f5.com", "tags": ["Vendor Advisory"], "url": "https://my.f5.com/manage/s/article/K000160383"}], "sourceIdentifier": "f5sirt@f5.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "f5sirt@f5.com", "type": "Primary"}]}

{"bugzilla": {"description": "NGINX: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled", "id": "2450791", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450791"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["A flaw was found in NGINX, specifically within the ngx_mail_auth_http_module. When this module is enabled, and CRAM-MD5 or APOP authentication is active with an authentication server that permits retries, undisclosed requests can cause NGINX worker processes to terminate. This can lead to a Denial of Service (DoS), making the affected NGINX instance unavailable to legitimate users."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2026-27651", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "nginx", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "nginx:1.24/nginx", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "nginx", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "nginx:1.24/nginx", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "nginx:1.26/nginx", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-24T14:13:27Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-27651\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-27651\nhttps://my.f5.com/manage/s/article/K000160383"], "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[1.29.0,1.29.7)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0.5.15,1.28.3)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "NGINX Open Source", "source": "cna", "vendor": "F5"}, "product": "nginx_open_source", "vendor": "f5"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[R36,R36 P3)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[R35,R35 P2)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[R34,*]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[R33,*]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[R32,R32 P5)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "NGINX Plus", "source": "cna", "vendor": "F5"}, "product": "nginx_plus", "vendor": "f5"}], "analysis": {"en": {"generated_at": "2026-03-30T16:29:22.586438+00:00", "value": {"mitigation_remediation": ["Upgrade to the latest supported NGINX Plus or NGINX Open Source that includes the fix for ngx_mail_auth_http_module.", "Disable or reconfigure CRAM\u2011MD5 and APOP authentication, or ensure the authentication server does not return the Auth\u2011Wait header.", "If mail authentication is not required, remove or disable the ngx_mail_auth_http_module from the NGINX configuration as a temporary measure.", "Restart NGINX after making changes and monitor worker processes for stability."], "summary": {"action": "Immediate Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "Affected versions include all releases of F5\u2019s NGINX Open Source and NGINX Plus that support the ngx_mail_auth_http_module, specifically the r32, r35, and r36 series and their patch\u2011level variants (p1, p2, p3, p4, etc.). End\u2011of\u2011Support releases were not evaluated, but any unpatched configuration with the module enabled could be vulnerable.", "description_and_impact": "The ngx_mail_auth_http_module flaw in NGINX Open Source and NGINX Plus causes worker processes to terminate upon receipt of certain undocumented requests, creating a denial\u2011of\u2011service condition for mail services. The weakness is a null pointer dereference (CWE\u2011476). When CRAM\u2011MD5 or APOP authentication is enabled, an authentication server that allows retries by returning an Auth\u2011Wait header can trigger this failure due to a bad request handling path inside the module.", "risk_and_exploitability": "The CVSS score of 8.7 indicates high severity, while the EPSS score is below 1\u202f%, suggesting a low probability of current exploitation. The entry is not listed in the CISA KEV catalog. Based on the description, it is inferred that an attacker could trigger the flaw by sending crafted authentication requests when CRAM\u2011MD5 or APOP is active and the upstream server returns an Auth\u2011Wait response header. The attack vector would be remote, requiring network access to the mail server, and successful exploitation would force worker process termination, disrupting service availability."}}}}, "created": "2026-03-25T11:47:22.465646+00:00", "updated": "2026-03-30T20:58:08.763219+00:00", "vendors": ["f5", "f5$PRODUCT$nginx_open_source", "f5$PRODUCT$nginx_plus"]}