Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
Nebula AI Platform Automates Pen Testing to Find Vulnerabilities
July 3, 2026
PureLog Stealer Uses Blogspot and PowerShell to Deliver Malware
July 3, 2026
FBI Warns TeamPCP Hackers Exploit Developer Tools in Supply Chain Attacks
July 3, 2026
Home/CyberSecurity News/Critical F5 NGINX Vulnerability Lets Attackers Execute Code via MP4 Files
CyberSecurity News

Critical F5 NGINX Vulnerability Lets Attackers Execute Code via MP4 Files

Key Takeaways A critical vulnerability, CVE-2026-32647, affects both NGINX Open Source and NGINX Plus, potentially allowing remote code execution or denial-of-service. The flaw resides in the...

David kimber
David kimber
March 25, 2026 3 Min Read
63 0

Key Takeaways

  • A critical vulnerability, CVE-2026-32647, affects both NGINX Open Source and NGINX Plus, potentially allowing remote code execution or denial-of-service.
  • The flaw resides in the ngx_http_mp4_module, exploitable via specially crafted MP4 files.
  • Impacted versions range from NGINX Plus R32-R36 and NGINX Open Source 1.1.19-1.29.6.
  • F5 has released patches, and immediate updates are strongly recommended.

A significant security flaw has been identified in F5’s NGINX Open Source and NGINX Plus web servers, posing a risk of denial-of-service (DoS) or arbitrary code execution. Cataloged as CVE-2026-32647, this vulnerability carries a high CVSS v4.0 base score of 8.5 and a CVSS v3.1 score of 7.8.

Table Of Content

  • Key Takeaways
  • F5 NGINX Plus and Open Source Vulnerability Details
  • What You Should Do

The vulnerability enables authenticated local attackers to disrupt services or potentially execute malicious code on the compromised system. F5 has confirmed that the issue is confined to the application’s data plane, with no exposure in the control plane. Credit for discovering and responsibly disclosing this flaw goes to researchers Xint Code and Pavel Kohout from Aisle Research.

F5 NGINX Plus and Open Source Vulnerability Details

The root cause of this security vulnerability is an out-of-bounds read error, categorized under CWE-125. This memory corruption bug is specifically located within the ngx_http_mp4_module. Attackers can leverage this weakness by tricking the NGINX server into processing a maliciously crafted MP4 file.

Upon parsing the malformed media file, the NGINX worker process experiences a buffer overflow or underflow in its memory. This memory manipulation leads to the immediate termination of the worker process, causing a temporary disruption of active network traffic while the system attempts to restart the process. Beyond merely causing a denial-of-service, this memory corruption could theoretically be chained by attackers to achieve remote code execution on the underlying host machine.

For an NGINX instance to be susceptible, it must have been built with the ngx_http_mp4_module and actively use the mp4 directive within its configuration. NGINX Plus includes this module by default. Conversely, NGINX Open Source users are only at risk if they explicitly compiled and enabled the module. F5 has since released software updates to address this vulnerability across all affected product lines.

Other F5 products, including BIG-IP, BIG-IQ, F5OS, and F5 Distributed Cloud, are not impacted by this vulnerability. NGINX Plus versions R32 through R36 are affected, with fixes available in R36 P3, R35 P2, and R32 P5. NGINX Open Source versions 1.1.19 through 1.29.6 are vulnerable, with patches released in versions 1.28.3 and 1.29.7.

What You Should Do

  • Update Immediately: Apply the latest patched releases for NGINX Plus (R36 P3, R35 P2, R32 P5) or NGINX Open Source (1.28.3, 1.29.7) as soon as possible.
  • Implement Configuration Mitigations: If immediate patching is not feasible, follow F5’s recommended configuration-based mitigations. This involves editing NGINX configuration files (typically in /etc/nginx) to comment out all server and location blocks that utilize the mp4 directive.
  • Validate and Reload: After modifying the configuration, validate the syntax using sudo nginx -t and then gracefully reload the NGINX service.
  • Restrict Media Publishing: As a defense-in-depth measure, limit the ability to publish audio and video files to trusted users only to prevent unauthorized actors from introducing malicious MP4 payloads.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackCVEExploitPatchSecurityThreatVulnerability

Share Article

David kimber

David kimber

David is a penetration tester turned security journalist with expertise in mobile security, IoT vulnerabilities, and exploit development. As an OSCP-certified security professional, David brings hands-on technical experience to his reporting on vulnerabilities and security research. His articles often feature detailed technical analysis of exploits and provide actionable defense recommendations. David maintains an active presence in the security research community and has contributed to multiple open-source security tools.

Previous Post

Critical Adobe Commerce (Magento) Bug Lets Attackers Execute Remote Code

Next Post

Mozilla Firefox 114 Patches Critical Remote Code Execution Vulnerability

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
Former MEP Investigating Spyware Abuses Hacked With Pegasus
July 3, 2026
Critical WatchGuard Firebox OS Flaws Let Attackers Execute Code
July 3, 2026
Critical Microsoft Exchange SSRF Vulnerability Gets Public PoC Exploit
July 3, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
Emy Elsamnoudy
Emy Elsamnoudy
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us