Linuxsecurity

Multiple nginx Vulnerabilities Discovered in Ubuntu Security Advisory

3 Jun 2026 • Ubuntu

•90% similarity •70.5

Article Content

Include sub-articles 1 / 1

Browse articles

ThreatCluster

On June 3, 2026, Ubuntu published a security advisory detailing multiple vulnerabilities in nginx affecting various Ubuntu LTS versions. Key issues include improper handling of memory operations in the ngx_mail_smtp_module (CVE-2025-53859), which could leak sensitive information, and flaws in the ngx_http_dav_module that could lead to denial of service (CVE-2026-27654). Other vulnerabilities could allow attackers to insert plaintext data into responses (CVE-2026-1642) and cause crashes (CVE-2026-27651). These vulnerabilities impact Ubuntu 20.04, 18.04, 16.04, and 14.04 LTS. Administrators are urged to update their systems to mitigate these risks. The advisory emphasizes the critical nature of these vulnerabilities, particularly for systems exposed to untrusted networks.

Key Points: • Multiple critical vulnerabilities in nginx affect several Ubuntu LTS versions. • CVE-2025-53859 could leak sensitive information during SMTP authentication. • Immediate updates are recommended to mitigate risks associated with these vulnerabilities.

ThreatCluster AI

Timeline

2025-08-13

CVE-2025-53859 published

A vulnerability in ngx_mail_smtp_module could leak sensitive information during SMTP authentication.

Ubuntu

2026-02-04

CVE-2026-1642 published

Improper handling of proxying to upstream TLS servers could allow plaintext data insertion.

Ubuntu

2026-03-24

CVE-2026-27651 published

Vulnerability in ngx_mail_auth_http_module could cause nginx to crash, leading to denial of service.

Ubuntu

2026-03-24

CVE-2026-27654 published

Improper handling of destination URIs in ngx_http_dav_module could lead to denial of service.

Ubuntu

2026-03-24

CVE-2026-32647 published