Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

nginx 1.1.19 < 1.28.3 / 1.29.x < 1.29.7 Multiple Vulnerabilities in ngx_http_mp4_module

🗓️ 16 Apr 2026 00:00:00Reported by TenableType 
nessus
 nessus🔗 www.tenable.com👁 3 Views

Nginx 1.1.19 before 1.28.3 or 1.29.x before 1.29.7 has mp4_module flaws risking memory over-read and possible code execution.

Related
Refs
Code
ReporterTitlePublishedViews
Family
ATTACKERKB		CVE-2026-32647
24 Mar 202614:13
attackerkb
ATTACKERKB		CVE-2026-27784
24 Mar 202614:13
attackerkb
Tenable Nessus		Amazon Linux 2023 : nginx, nginx-all-modules, nginx-core (ALAS2023-2026-1540)
13 Apr 202600:00
nessus
Tenable Nessus		Amazon Linux 2 : nginx, --advisory ALAS2NGINX1-2026-011 (ALASNGINX1-2026-011)
14 Apr 202600:00
nessus
Tenable Nessus		Alibaba Cloud Linux 3 : 0137: nginx (ALINUX3-SA-2026:0137)
29 May 202600:00
nessus
Tenable Nessus		AlmaLinux 10 : nginx (ALSA-2026:6906)
10 Apr 202600:00
nessus
Tenable Nessus		AlmaLinux 8 : nginx:1.24 (ALSA-2026:6907)
16 Apr 202600:00
nessus
Tenable Nessus		AlmaLinux 9 : nginx:1.24 (ALSA-2026:6923)
10 Apr 202600:00
nessus
Tenable Nessus		AlmaLinux 9 : nginx:1.26 (ALSA-2026:7343)
16 Apr 202600:00
nessus
Tenable Nessus		Debian dla-4589 : libnginx-mod-http-auth-pam - security update
18 May 202600:00
nessus
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(306675);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/04/17");

  script_cve_id("CVE-2026-27784", "CVE-2026-32647");

  script_name(english:"nginx 1.1.19 < 1.28.3 / 1.29.x < 1.29.7 Multiple Vulnerabilities in ngx_http_mp4_module");

  script_set_attribute(attribute:"synopsis", value:
"The remote web server is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The installed version of nginx is 1.1.19 prior to 1.28.3, or 1.29.x prior to 1.29.7. It is, therefore, affected by
multiple vulnerabilities :

  - The 32-bit implementation of NGINX Open Source has a vulnerability in the ngx_http_mp4_module module,
    which might allow an attacker to over-read or over-write NGINX worker memory resulting in its
    termination, using a specially crafted MP4 file. The issue only affects 32-bit NGINX Open Source if it
    is built with the ngx_http_mp4_module module and the mp4 directive is used in the configuration file.
    Additionally, the attack is possible only if an attacker can trigger the processing of a specially
    crafted MP4 file with the ngx_http_mp4_module module. Note: Software versions which have reached End
    of Technical Support (EoTS) are not evaluated. (CVE-2026-27784)

  - NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module module, which might
    allow an attacker to trigger a buffer over-read or over-write to the NGINX worker memory resulting in
    its termination or possibly code execution, using a specially crafted MP4 file. This issue affects
    NGINX Open Source and NGINX Plus if it is built with the ngx_http_mp4_module module and the mp4
    directive is used in the configuration file. Additionally, the attack is possible only if an attacker
    can trigger the processing of a specially crafted MP4 file with the ngx_http_mp4_module module. Note:
    Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    (CVE-2026-32647)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://my.f5.com/manage/s/article/K000160364");
  script_set_attribute(attribute:"see_also", value:"https://my.f5.com/manage/s/article/K000160366");
  script_set_attribute(attribute:"see_also", value:"https://nginx.org/en/security_advisories.html");
  script_set_attribute(attribute:"solution", value:
"Upgrade to nginx 1.28.3 / 1.29.7 or later.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:U");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-32647");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2026-27784");
  script_set_attribute(attribute:"cvss4_score_source", value:"CVE-2026-27784");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2026/03/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/03/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/04/16");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:nginx:nginx");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("nginx_detect.nasl", "nginx_nix_installed.nbin");
  script_require_keys("Settings/ParanoidReport", "installed_sw/nginx");

  exit(0);
}

include('vcf.inc');
include('http.inc');

# ngx_http_mp4_module is not compiled by default
if (report_paranoia < 2)
  audit(AUDIT_PARANOID);

var appname = 'nginx';
get_install_count(app_name:appname, exit_if_zero:TRUE);

var app_info = vcf::combined_get_app_info(app:appname);
vcf::check_granularity(app_info:app_info, sig_segments:3);

var constraints = [
  { 'min_version' : '1.1.19', 'fixed_version' : '1.28.3' },
  { 'min_version' : '1.29.0', 'fixed_version' : '1.29.7' }
];
vcf::check_version_and_report(
    app_info:app_info,
    constraints:constraints,
    severity:SECURITY_WARNING
);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
17 Apr 2026 00:00Current
7.8High risk
Vulners AI Score7.8
CVSS 3.15.5 - 7.8
CVSS 48.5
EPSS0.00333
SSVC
Nginxmp4 modulememory overreadpossible code executionvulnerabilities
3