UBUNTU-CVE-2026-27651 | Mondoo Vulnerability Intelligence

UBUNTU-CVE-2026-27651

HIGH8.5

(When the ngx_mail_auth_http_modulemodule is enabled on NGINX Plus or N ...)

Published Apr 13, 2026

Modified 3 days ago

Details

(When the ngx_mail_auth_http_modulemodule is enabled on NGINX Plus or N ...)

Affected Packages

nginx

Ubuntu 20.04 LTS

Affected versions:

1.16.1-0ubuntu21.16.1-0ubuntu31.17.10-0ubuntu11.17.5-0ubuntu11.17.6-0ubuntu11.17.7-0ubuntu11.17.8-0ubuntu11.17.8-0ubuntu21.17.8-0ubuntu31.17.9-0ubuntu1+9 more

nginx

Ubuntu 22.04 LTS

Affected versions:

1.18.0-6ubuntu111.18.0-6ubuntu121.18.0-6ubuntu141.18.0-6ubuntu14.11.18.0-6ubuntu14.21.18.0-6ubuntu14.31.18.0-6ubuntu14.41.18.0-6ubuntu14.51.18.0-6ubuntu14.61.18.0-6ubuntu14.7+1 more

nginx

Ubuntu 24.04 LTS

Affected versions:

1.24.0-1ubuntu11.24.0-2ubuntu11.24.0-2ubuntu21.24.0-2ubuntu31.24.0-2ubuntu41.24.0-2ubuntu61.24.0-2ubuntu71.24.0-2ubuntu7.11.24.0-2ubuntu7.31.24.0-2ubuntu7.4+2 more

nginx

Ubuntu 25.10

Affected versions:

1.26.3-2ubuntu11.26.3-3ubuntu11.26.3-3ubuntu21.26.3-3ubuntu31.28.0-3ubuntu11.28.0-4ubuntu11.28.0-6ubuntu11.28.0-6ubuntu1.1

nginx

Ubuntu Pro 14.04 LTS

Affected versions:

1.4.1-3ubuntu11.4.3-2ubuntu11.4.4-1ubuntu11.4.4-2ubuntu11.4.4-4ubuntu11.4.5-1ubuntu11.4.6-1ubuntu21.4.6-1ubuntu31.4.6-1ubuntu3.11.4.6-1ubuntu3.2+12 more

nginx

Ubuntu Pro 16.04 LTS

Affected versions:

1.10.0-0ubuntu0.16.04.11.10.0-0ubuntu0.16.04.21.10.0-0ubuntu0.16.04.31.10.0-0ubuntu0.16.04.41.10.3-0ubuntu0.16.04.11.10.3-0ubuntu0.16.04.21.10.3-0ubuntu0.16.04.31.10.3-0ubuntu0.16.04.41.10.3-0ubuntu0.16.04.51.10.3-0ubuntu0.16.04.5+esm1+18 more

nginx

Ubuntu Pro 18.04 LTS

Affected versions:

1.12.1-0ubuntu21.13.10-1ubuntu11.13.12-0ubuntu11.13.6-2ubuntu11.13.6-2ubuntu21.14.0-0ubuntu11.14.0-0ubuntu1.11.14.0-0ubuntu1.101.14.0-0ubuntu1.111.14.0-0ubuntu1.11+esm1+7 more

References

REPORT

https://my.f5.com/manage/s/article/K000160383

REPORT

https://ubuntu.com/security/CVE-2026-27651

REPORT

https://www.cve.org/CVERecord?id=CVE-2026-27651

CVSS Analysis

CVSS v4.0

Exploitability

Attack Vector

NetworkAV:N