CVE-2026-27654 - Vulnerability Analysis
Severity: High | CVSS: 8.2 | Last Updated: March 24, 2026
NGINX - Buffer Overflow
Overview
NGINX Open Source and NGINX Plus contain a buffer overflow caused by improper handling of the DAV module's MOVE or COPY methods when used with a prefix location and alias directives. Attackers can cause worker process termination or modify file names outside the document root. Exploitation requires a specific configuration with the DAV module's MOVE or COPY methods.
Impact
Attackers can terminate worker processes or modify file names outside document root, potentially disrupting service or causing limited file tampering.
Mitigation
Update to the latest supported version of NGINX Open Source or NGINX Plus.
Social Media Activity (2 posts)
Claude + Humans vs nginx: CVE-2026-27654 https://blog.calif.io/p/claude-humans-vs-nginx-cve-2026-27654
Details
- CVE ID: CVE-2026-27654
- Severity: High
- CVSS Score: 8.2
- Type: buffer_overflow
- Status: unconfirmed
- EPSS: 3.4%
- Social Posts: 2
CWE
- CWE-122
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H