
Multiple nginx Vulnerabilities Discovered in Ubuntu Security Advisory

Severity: High (Score: 70.5)

Sources: Linuxsecurity, Ubuntu

Published: 2026-06-03 · Updated: 2026-06-03

Keywords: ubuntu, nginx, security, vulnerabilities, advisory, critical, usn-8375-1

Severity indicators: critical, vulnerabilities

Summary

On June 3, 2026, Ubuntu published USN-8375-1, a security advisory covering multiple vulnerabilities in nginx on Ubuntu 20.04 LTS, 18.04 LTS, 16.04 LTS and 14.04 LTS (releases whose nginx updates now ship through Ubuntu Pro / ESM, as the +esm package versions show). The headline issues are: ngx_mail_smtp_module mishandling certain memory operations during SMTP authentication, which could leak sensitive information (CVE-2025-53859); ngx_http_dav_module mishandling destination URIs, which can cause a denial of service (CVE-2026-27654); improper handling when proxying to upstream TLS servers, which could let an attacker insert plaintext data into responses (CVE-2026-1642); and a crash in ngx_mail_auth_http_module (CVE-2026-27651). Several further CVEs in the mp4, ssl, charset and rewrite modules are listed in the Detailed Analysis. Administrators should apply the updated packages; the risk is highest for instances reachable from untrusted networks, which for nginx is the normal deployment.

Key Points:
  • Multiple nginx vulnerabilities affect four Ubuntu LTS releases; the most severe outcomes are information disclosure, denial of service and, for the mp4 module flaws, possible code execution.
  • CVE-2025-53859 could leak sensitive information during SMTP authentication in the mail module.
  • Apply the updated packages now; exposure per host depends on which of the affected modules are compiled in or loaded.

Detailed Analysis

**Impact**

Ubuntu 14.04 LTS through 20.04 LTS and their derivatives are affected by multiple nginx vulnerabilities; nginx is one of the most widely deployed web and mail proxies on these releases, so the population of exposed servers is large. Depending on the flaw, the outcomes are sensitive information disclosure, denial of service and, for the mp4 module issues, possible arbitrary code execution. Sectors that depend on web and mail services (finance, healthcare, government) are affected in the usual way: service outages and data compromise. The risk applies to any organization using nginx for SMTP authentication proxying, upstream TLS proxying, WebDAV or MP4 pseudo-streaming, and only to hosts whose build actually includes the relevant module.

**Technical Details**

The flaws are in these nginx modules: ngx_mail_smtp_module (CVE-2025-53859), ngx_mail_auth_http_module (CVE-2026-27651), ngx_http_dav_module (CVE-2026-27654), ngx_http_mp4_module (CVE-2026-27784, CVE-2026-32647), ngx_http_ssl_module (CVE-2026-40701), ngx_http_charset_module (CVE-2026-42934) and ngx_http_rewrite_module (CVE-2026-42945). Each is triggered by input to the affected module: malformed SMTP authentication exchanges for the mail modules, crafted destination URIs for the WebDAV module, crafted MP4 files served through the mp4 module (crash or possible code execution), and traffic handled while proxying to an upstream TLS server, where plaintext data can be inserted into responses (CVE-2026-1642). The underlying bug classes are memory-handling errors (the related-entity list tags CWE-200 and CWE-416), so the practical effect ranges from a worker crash to memory disclosure. No specific malware, tools or IOCs were reported.

**Recommended Response**

Apply the updated nginx packages from Ubuntu Pro for every affected release without delay: nginx-core, nginx-full/nginx-light/nginx-extras and the libnginx-mod-* packages, at 1.18.0-0ubuntu1.7+esm1 or later on Ubuntu 20.04 LTS (the other releases have their own fixed versions in the advisory). Before and after patching, establish which affected modules a host actually exposes: `nginx -V` prints the configure arguments (static modules such as --with-http_dav_module and --with-http_mp4_module), and `load_module` directives in nginx.conf show dynamic ones such as the mail module from libnginx-mod-mail. Stop loading modules the host does not need; a build without the mail module is not reachable by the SMTP issues, and a server that never enables `dav_methods` or `mp4` in a location is not reachable by those. Review configurations that proxy to upstream TLS servers. Monitor nginx error logs for worker-process crashes and restarts and for unusual proxy responses, which are the observable side effects of exploitation attempts. No IOCs or detection signatures were provided, so patch management and anomaly detection are the controls that apply.

Source articles (2)

  • USN-8375-1: nginx vulnerabilities — Ubuntu · 2026-06-03
    It was discovered that the nginx ngx_mail_smtp_module module incorrectly handled certain memory operations when doing SMTP authentication. This could possibly result in sensitive information being sen…
  • Ubuntu 20.04 LTS nginx Security Advisory for Critical DoS Vulnerabilities — Linuxsecurity · 2026-06-03
    A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in nginx.…

Timeline

  • 2025-08-13 — CVE-2025-53859 published: A vulnerability in ngx_mail_smtp_module could leak sensitive information during SMTP authentication.
  • 2026-02-04 — CVE-2026-1642 published: Improper handling of proxying to upstream TLS servers could allow plaintext data insertion.
  • 2026-03-24 — CVE-2026-27651 published: Vulnerability in ngx_mail_auth_http_module could cause nginx to crash, leading to denial of service.
  • 2026-03-24 — CVE-2026-27654 published: Improper handling of destination URIs in ngx_http_dav_module could lead to denial of service.
  • 2026-03-24 — CVE-2026-32647 published: the advisory ties it to ngx_http_mp4_module; crafted MP4 files could crash nginx or possibly lead to code execution.
  • 2026-03-24 — CVE-2026-27784 published: second ngx_http_mp4_module issue with the same impact (crash or possible code execution via crafted MP4 files).
  • 2026-03-24 — CVE-2026-28753 published: listed in the advisory; the source excerpts on this page do not describe the affected module or impact.
  • 2026-05-13 — CVE-2026-40701 published: issue in ngx_http_ssl_module.
  • 2026-05-13 — CVE-2026-42945 published: issue in ngx_http_rewrite_module.
  • 2026-05-13 — CVE-2026-42946 published: listed in the advisory; the source excerpts on this page do not describe the affected module or impact.

CVEs

  • CVE-2025-53859
  • CVE-2026-1642
  • CVE-2026-27651
  • CVE-2026-27654
  • CVE-2026-27784
  • CVE-2026-28753
  • CVE-2026-32647
  • CVE-2026-40701
  • CVE-2026-42934
  • CVE-2026-42945
  • CVE-2026-42946
  • CVE-2026-9256

Related entities

  • Denial of service (Attack Type)
  • CWE-200 - Exposure of Sensitive Information (CWE)
  • CWE-416 - Use After Free (CWE)
  • nginx (Tool)
  • Ubuntu (Company)