Packages
- nginx - small, powerful, scalable web/proxy server
Details
It was discovered that the nginx ngx_mail_smtp_module module incorrectly
handled certain memory operations when doing SMTP authentication. This
could possibly result in sensitive information being sent to the
authentication server. (CVE-2025-53859)
It was discovered that nginx incorrectly handled proxying to upstream TLS
servers. An attacker could possibly use this issue to insert plain text
data into the response from an upstream proxied server. (CVE-2026-1642)
It was discovered that the nginx ngx_mail_auth_http_module module
incorrectly handled certain requests. An attacker could possibly use this
issue to cause nginx to crash, resulting in a denial of service.
(CVE-2026-27651)
It was discovered that the nginx ngx_http_dav_module module incorrectly
handled certain destination URIs. An attacker could use...
It was discovered that the nginx ngx_mail_smtp_module module incorrectly
handled certain memory operations when doing SMTP authentication. This
could possibly result in sensitive information being sent to the
authentication server. (CVE-2025-53859)
It was discovered that nginx incorrectly handled proxying to upstream TLS
servers. An attacker could possibly use this issue to insert plain text
data into the response from an upstream proxied server. (CVE-2026-1642)
It was discovered that the nginx ngx_mail_auth_http_module module
incorrectly handled certain requests. An attacker could possibly use this
issue to cause nginx to crash, resulting in a denial of service.
(CVE-2026-27651)
It was discovered that the nginx ngx_http_dav_module module incorrectly
handled certain destination URIs. An attacker could use this issue to cause
nginx to crash, resulting in a denial of service, or possibly modify source
or destination names outside of the document root. (CVE-2026-27654)
It was discovered that the nginx ngx_http_mp4_module module incorrectly
handled certain MP4 files. An attacker could use this issue to cause nginx
to crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2026-27784, CVE-2026-32647)
It was discovered that the nginx ngx_mail_smtp_module module incorrectly
handled certain CRLF sequences. An attacker could possibly use this issue
to inject arbitrary SMTP headers. (CVE-2026-28753)
It was discovered that nginx contained a use-after-free vulnerability in
the ngx_http_ssl_module module when client certificate verification and
OCSP validation were enabled. A remote attacker could use this issue to
cause nginx to crash, resulting in a denial of service, or possibly modify
data in memory. (CVE-2026-40701)
It was discovered that nginx did not properly handle certain proxied
responses in the ngx_http_charset_module module. A remote attacker could
possibly use this issue to obtain sensitive information or cause nginx to
crash, resulting in a denial of service. (CVE-2026-42934)
It was discovered that the nginx ngx_http_rewrite_module component
incorrectly handled certain rewrite directives. A remote attacker could use
this issue to cause nginx to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2026-42945)
It was discovered that nginx did not properly process certain SCGI and
uWSGI responses. An attacker able to perform a machine-in-the-middle attack
could possibly use this issue to obtain sensitive information or cause
nginx to crash, resulting in a denial of service. (CVE-2026-42946)
It was discovered that nginx incorrectly handled certain rewrite rules in
the ngx_http_rewrite_module module. A remote attacker could use this issue
to cause nginx to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2026-9256)
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 20.04 LTS focal | libnginx-mod-http-headers-more-filter – 1.18.0-0ubuntu1.7+esm1 | ||
| libnginx-mod-http-lua – 1.18.0-0ubuntu1.7+esm1 | |||
| libnginx-mod-mail – 1.18.0-0ubuntu1.7+esm1 | |||
| libnginx-mod-nchan – 1.18.0-0ubuntu1.7+esm1 | |||
| libnginx-mod-rtmp – 1.18.0-0ubuntu1.7+esm1 | |||
| nginx – 1.18.0-0ubuntu1.7+esm1 | |||
| nginx-core – 1.18.0-0ubuntu1.7+esm1 | |||
| nginx-extras – 1.18.0-0ubuntu1.7+esm1 | |||
| nginx-full – 1.18.0-0ubuntu1.7+esm1 | |||
| nginx-light – 1.18.0-0ubuntu1.7+esm1 | |||
| 18.04 LTS bionic | libnginx-mod-http-auth-pam – 1.14.0-0ubuntu1.11+esm2 | ||
| libnginx-mod-http-cache-purge – 1.14.0-0ubuntu1.11+esm2 | |||
| libnginx-mod-http-dav-ext – 1.14.0-0ubuntu1.11+esm2 | |||
| libnginx-mod-http-echo – 1.14.0-0ubuntu1.11+esm2 | |||
| libnginx-mod-http-fancyindex – 1.14.0-0ubuntu1.11+esm2 | |||
| libnginx-mod-http-geoip – 1.14.0-0ubuntu1.11+esm2 | |||
| libnginx-mod-http-headers-more-filter – 1.14.0-0ubuntu1.11+esm2 | |||
| libnginx-mod-http-image-filter – 1.14.0-0ubuntu1.11+esm2 | |||
| libnginx-mod-http-lua – 1.14.0-0ubuntu1.11+esm2 | |||
| libnginx-mod-http-ndk – 1.14.0-0ubuntu1.11+esm2 | |||
| libnginx-mod-http-perl – 1.14.0-0ubuntu1.11+esm2 | |||
| libnginx-mod-http-subs-filter – 1.14.0-0ubuntu1.11+esm2 | |||
| libnginx-mod-http-uploadprogress – 1.14.0-0ubuntu1.11+esm2 | |||
| libnginx-mod-http-upstream-fair – 1.14.0-0ubuntu1.11+esm2 | |||
| libnginx-mod-http-xslt-filter – 1.14.0-0ubuntu1.11+esm2 | |||
| libnginx-mod-mail – 1.14.0-0ubuntu1.11+esm2 | |||
| libnginx-mod-nchan – 1.14.0-0ubuntu1.11+esm2 | |||
| libnginx-mod-rtmp – 1.14.0-0ubuntu1.11+esm2 | |||
| libnginx-mod-stream – 1.14.0-0ubuntu1.11+esm2 | |||
| nginx – 1.14.0-0ubuntu1.11+esm2 | |||
| nginx-core – 1.14.0-0ubuntu1.11+esm2 | |||
| nginx-extras – 1.14.0-0ubuntu1.11+esm2 | |||
| nginx-full – 1.14.0-0ubuntu1.11+esm2 | |||
| nginx-light – 1.14.0-0ubuntu1.11+esm2 | |||
| 16.04 LTS xenial | nginx – 1.10.3-0ubuntu0.16.04.5+esm7 | ||
| nginx-core – 1.10.3-0ubuntu0.16.04.5+esm7 | |||
| nginx-extras – 1.10.3-0ubuntu0.16.04.5+esm7 | |||
| nginx-full – 1.10.3-0ubuntu0.16.04.5+esm7 | |||
| nginx-light – 1.10.3-0ubuntu0.16.04.5+esm7 | |||
| 14.04 LTS trusty | nginx – 1.4.6-1ubuntu3.9+esm6 | ||
| nginx-common – 1.4.6-1ubuntu3.9+esm6 | |||
| nginx-core – 1.4.6-1ubuntu3.9+esm6 | |||
| nginx-extras – 1.4.6-1ubuntu3.9+esm6 | |||
| nginx-full – 1.4.6-1ubuntu3.9+esm6 | |||
| nginx-light – 1.4.6-1ubuntu3.9+esm6 | |||
| nginx-naxsi – 1.4.6-1ubuntu3.9+esm6 | |||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.
References
- CVE-2026-9256
- CVE-2026-42946
- CVE-2026-42945
- CVE-2026-42934
- CVE-2026-40701
- CVE-2026-32647
- CVE-2026-28753
- CVE-2026-27784
- CVE-2026-27654
- CVE-2026-27651
- CVE-2026-9256
- CVE-2026-42946
- CVE-2026-42945
- CVE-2026-42934
- CVE-2026-40701
- CVE-2026-32647
- CVE-2026-28753
- CVE-2026-27784
- CVE-2026-27654
- CVE-2026-27651
- CVE-2026-1642
- CVE-2025-53859