NGINX ngx_mail_proxy_module vulnerability — CVE-2026-28753

Summary

Advisory CVE-2026-28753. NGINX ngx_mail_proxy_module vulnerability Vendor: Microsoft. Source: MSRC. Threat: low. CVSS 3.7. See the official advisory for details.

What to do

General, cautious steps (verify details in the official source):

• Review exposure and plan remediation based on risk and environment.
• Identify affected product versions in your inventory and verify whether you are impacted.
• Apply vendor patches/updates or recommended mitigations as soon as available.
• Read the official advisory for exact affected versions and remediation steps.

Official advisory

Read the official source

Related advisories

• Libsoup: libsoup: header and http request injection via crlf injection CVE-2026-3633
• Libsoup: libsoup: http header injection and response splitting via crlf injection in content-type header CVE-2026-3634
• Libsoup: libsoup: http smuggling and server-side request forgery via malformed hostnames CVE-2026-3632
• Mariner CVE-2026-32778
• FileInfo can escape from a Root in os CVE-2026-27139
• etcd: Nested etcd transactions bypass RBAC authorization checks CVE-2026-33343
• Microsoft Edge (Chromium-based) Defense in Depth Vulnerability CVE-2026-32187
• Binutils: out-of-bounds read in xcoff relocation processing in gnu binutils bfd library CVE-2026-4647
• Github.com/antchfx/xpath: xpath: denial of service via crafted boolean xpath expressions CVE-2026-4645
• icmp: fix NULL pointer dereference in icmp_tag_validation() CVE-2026-23398
• Libtiff: libtiff: arbitrary code execution or denial of service via signed integer overflow in tiff file processing CVE-2026-4775
• Mariner CVE-2026-34085