Main Vulnerability Database Exploits ID:12743 - Exploit for Heap-based buffer overflow in NGINX Open Source and NGINX Plus - CVE-2026-27654

ID:12743 - Exploit for Heap-based buffer overflow in NGINX Open Source and NGINX Plus - CVE-2026-27654

Published: May 22, 2026

Vulnerability identifier: #VU124478

Vulnerability risk: Medium

CVE-ID: CVE-2026-27654

CWE-ID: CWE-122

Exploitation vector: Remote access

Vulnerable software:
NGINX Open Source
NGINX Plus

Link to public exploit:

https://github.com/JohannesLks/CVE-2026-27654

Vulnerability description

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to a boundary error in the ngx_http_dav_module module. A remote attacker can send specially crafted request to the server, trigger a heap-based buffer overflow and perform a denial of service attack or modify source or destination file names outside the document root.

Remediation

Install updates from vendor's website.

ID:12743 - Exploit for Heap-based buffer overflow in NGINX Open Source and NGINX Plus - CVE-2026-27654

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human