The 32-bit implementation of NGINX Open Source has a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to over-read or over-write NGINX worker memory resulting in its termination, using a specially crafted MP4 file. The issue only affects 32-bit NGINX Open Source if it is built with the ngx_http_mp4_module module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially

Successful exploitation of CVE-2026-27784 allows an attacker to trigger a denial-of-service (DoS) condition by causing Nginx worker processes to crash. The vulnerability stems from an issue in the 32-bit implementation of the ngxhttpmp4_module module. The crafted MP4 file exploits a flaw in how Nginx handles the file, leading to memory over-read or over-write. This is particularly concerning for environments heavily reliant on Nginx for serving media content, as a malicious MP4 file could disrupt service availability. The attack requires the attacker to be able to trigger the processing of the crafted MP4 file by Nginx.

Organizations running 32-bit Nginx Open Source installations with the ngxhttpmp4_module enabled and the mp4 directive configured are at risk. This includes media streaming services, video hosting platforms, and any application relying on Nginx to serve MP4 content. Legacy systems or those with limited resources may be slower to upgrade, increasing their exposure window.

• linux / server:

journalctl -u nginx -g "ngx_http_mp4_module" | grep -i error

• generic web:

curl -I http://your-nginx-server/stream.mp4 | grep -i "Content-Type: multipart/x-mixed-replace"

• nginx: Check nginx configuration files for the presence of the mp4 directive and the inclusion of the ngxhttpmp4_module module. Review Nginx error logs for any unusual crashes or memory-related errors.

1. 2026-03-24Disclosure

   disclosure

1. Reservado2026-03-18
2. Publicada2026-03-24
3. Modificada2026-03-30
4. EPSS atualizado2026-04-01

The primary mitigation for CVE-2026-27784 is to upgrade Nginx Open Source to version 1.29.7 or later. If upgrading is not immediately feasible, consider disabling the ngxhttpmp4_module module by removing it from the Nginx configuration file. This will prevent the processing of MP4 files by the vulnerable module. Additionally, implement strict input validation for MP4 files served by Nginx to prevent the upload or processing of potentially malicious files. Monitor Nginx error logs for unusual crashes or memory-related errors that could indicate exploitation attempts. After upgrading, confirm the fix by attempting to serve a known-good MP4 file and verifying that Nginx processes it without errors.