F5 disclosed and patched multiple NGINX vulnerabilities, including the high-severity CVE-2026-32647 in ngx_http_mp4_module, which affects both NGINX Open Source and NGINX Plus. The flaw is an out-of-bounds read memory corruption issue triggered when NGINX processes a specially crafted MP4 file, allowing a local authenticated attacker to crash worker processes in the data plane and potentially achieve arbitrary code execution. F5 said the control plane is not affected and credited Xint Code and Pavel Kohout of Aisle Research with the discovery and coordinated disclosure.
The vulnerable condition impacts deployments using the mp4 directive with ngx_http_mp4_module enabled; the module is included by default in NGINX Plus, while NGINX Open Source requires it to be explicitly compiled and enabled. F5 also published advisories for CVE-2026-27654 in ngx_http_dav_module and CVE-2026-28755 in ngx_stream_ssl_module, indicating a broader set of NGINX fixes released together. The company issued patched versions for affected NGINX Plus and Open Source releases and advised organizations that cannot patch immediately to disable the MP4 module and limit media publishing to trusted users.
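A defender-side check for the condition described above, as an added example that is not F5's or this page's own code: it parses constructed samples of `nginx -V` and `nginx -T` output to report whether ngx_http_mp4_module is compiled in and where the `mp4` directive is active. It assumes the build lists `--with-http_mp4_module` in its configure arguments, it does not judge whether the installed version is patched, and the function names are hypothetical.

```python
import re

# Constructed sample inputs (not from a real host). On a live system, feed in
# the text of `nginx -V 2>&1` and `nginx -T` instead.
SAMPLE_NGINX_V = ("nginx version: nginx/0.0.0\n"  # placeholder version
                  "configure arguments: --with-http_ssl_module --with-http_mp4_module\n")
SAMPLE_NGINX_T = """\
# configuration file /etc/nginx/nginx.conf:
http { include /etc/nginx/conf.d/*.conf; }
# configuration file /etc/nginx/conf.d/media.conf:
server {
    location /video/ {
        mp4;
        mp4_buffer_size 1m;
    }
    location /static/ {
        # mp4;
        root /srv/static;
    }
}
"""

FILE_MARKER = re.compile(r"^# configuration file (.+):\s*$")
MP4_DIRECTIVE = re.compile(r"(?:^|[;{}\s])mp4\s*;")  # `mp4;`, not `mp4_buffer_size`

def mp4_module_compiled(nginx_v_output):
    """True if the configure arguments include the MP4 module."""
    return re.search(r"--with-http_mp4_module\b", nginx_v_output) is not None

def find_mp4_directives(nginx_t_output):
    """Return (config file, line number within it) for each active `mp4;`."""
    hits, current, lineno = [], "<unknown>", 0
    for line in nginx_t_output.splitlines():
        marker = FILE_MARKER.match(line)
        if marker:  # nginx -T prints this header before each file it dumps
            current, lineno = marker.group(1), 0
            continue
        lineno += 1
        code = line.split("#", 1)[0]  # drop comments (naive: ignores quoting)
        if MP4_DIRECTIVE.search(code):
            hits.append((current, lineno))
    return hits

def exposure(nginx_v_output, nginx_t_output):
    """Classify a host against the condition the advisory summary describes."""
    if find_mp4_directives(nginx_t_output):
        return "in use"  # nginx rejects the directive unless the module is built in
    if mp4_module_compiled(nginx_v_output):
        return "compiled, unused"
    return "not present"
```

Locations reported as "in use" are the ones to patch first or, following the advisory's interim guidance, to strip of the `mp4` directive until patched.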

3 events from the most recent confirmed update back to the earliest known activity.
On 2026-03-24, F5 published an advisory for CVE-2026-28755 affecting the NGINX ngx_stream_ssl_module. The reference content identifies this as a separate vulnerability disclosure by F5.
On 2026-03-24, F5 published an advisory for CVE-2026-27654 affecting the NGINX ngx_http_dav_module. The reference content identifies this as a distinct vulnerability disclosure by F5.
On 2026-03-24, F5 published an advisory for CVE-2026-32647, a high-severity out-of-bounds read in ngx_http_mp4_module that can cause denial of service and potentially arbitrary code execution when processing a crafted MP4 file. F5 released patches for affected NGINX Plus and NGINX Open Source versions and noted the issue was discovered and reported through coordinated disclosure by Xint Code and Pavel Kohout of Aisle Research.
4 references tracked:
cybersecuritynews.com
my.f5.com
my.f5.com
my.f5.com