{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/mail-proxy/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["nginx","denial-of-service","mail proxy","cve-2026-27651"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-27651 is a denial-of-service vulnerability affecting NGINX Plus and NGINX Open Source. The vulnerability occurs when the \u003ccode\u003engx_mail_auth_http_module\u003c/code\u003e module is enabled, and the server is configured to use CRAM-MD5 or APOP authentication. An attacker can exploit this by sending undisclosed requests that cause worker processes to terminate, leading to a denial-of-service condition. The vulnerability is triggered when the authentication server permits retry by returning the \u003ccode\u003eAuth-Wait\u003c/code\u003e…\u003c/p\u003e\n","date_modified":"2026-03-24T15:16:32Z","date_published":"2026-03-24T15:16:32Z","id":"/briefs/2026-03-nginx-dos/","summary":"NGINX Plus and NGINX Open Source are vulnerable to a denial-of-service condition (CVE-2026-27651) when the ngx_mail_auth_http_module is enabled, CRAM-MD5 or APOP authentication is used, and the authentication server permits retry via the Auth-Wait response header, leading to worker process termination.","title":"NGINX ngx_mail_auth_http_module Denial-of-Service Vulnerability (CVE-2026-27651)","url":"https://feed.craftedsignal.io/briefs/2026-03-nginx-dos/"}],"language":"en","title":"CraftedSignal Threat Feed — Mail Proxy","version":"https://jsonfeed.org/version/1.1"}