Alerts This Week
Warning Icon 1 609
Alerts This Week
Warning Icon 1 609

SUSE nginx Important Memory Overread Buffer Overflow Vuln 2026-1761-1

suse
Calendar Grey May 8, 2026
Dist Suse Esm H88
Critical update released for nginx on SUSE fixes four security issues including buffer overflow and data injection.
An update that solves four vulnerabilities can now be installed.

Summary

## This update for nginx fixes the following issues: * CVE-2026-1642: plain text data injection into the response from an upstream proxied server via MITM attack (bsc#1257675). * CVE-2026-27654: buffer overflow in the NGINX worker process via the `ngx_http_dav_module` module (bsc#1260416). * CVE-2026-27784: NGINX worker memory overread or overwrite via a specially crafted MP4 file (bsc#1260417). * CVE-2026-28753: arbitrary header injection into SMTP upstream requests via attacker-controlled DNS server (bsc#1260418). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1761=1

Topics%20covered

Topics Covered

security advisory buffer overflow SuSE important nginx data injection

References

* bsc#1257675

* bsc#1260416

* bsc#1260417

* bsc#1260418

Cross-

* CVE-2026-1642

* CVE-2026-27654

* CVE-2026-27784

* CVE-2026-28753

CVSS scores:

* CVE-2026-1642 ( SUSE ): 8.2

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

* CVE-2026-1642 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

* CVE-2026-1642 ( NVD ): 8.2

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

* CVE-2026-1642 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

* CVE-2026-27654 ( SUSE ): 8.3

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N

* CVE-2026-27654 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:1761-1
Release Date: 2026-05-08T08:58:17Z
Rating: important

Topics%20covered

Topics Covered

security advisory buffer overflow SuSE important nginx data injection

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here