NGINX ngx_stream_ssl_module vulnerability — CVE-2026-28755

Summary

Advisory CVE-2026-28755. NGINX ngx_stream_ssl_module vulnerability Vendor: Microsoft. Source: MSRC. Threat: medium. CVSS 5.4. See the official advisory for details.

What to do

General, cautious steps (verify details in the official source):

• Review exposure and plan remediation based on risk and environment.
• Identify affected product versions in your inventory and verify whether you are impacted.
• Apply vendor patches/updates or recommended mitigations as soon as available.
• Read the official advisory for exact affected versions and remediation steps.

Official advisory

Read the official source

Related advisories

• etcd: Nested etcd transactions bypass RBAC authorization checks CVE-2026-33343
• Microsoft Edge (Chromium-based) Defense in Depth Vulnerability CVE-2026-32187
• Binutils: out-of-bounds read in xcoff relocation processing in gnu binutils bfd library CVE-2026-4647
• icmp: fix NULL pointer dereference in icmp_tag_validation() CVE-2026-23398
• Mariner CVE-2026-34085
• nfnetlink_osf: validate individual option lengths in fingerprints CVE-2026-23397
• Squid has issues in ICP message handling CVE-2026-33515
• wifi: mac80211: fix NULL deref in mesh_matches_local() CVE-2026-23396
• arm64: io: Extract user memory type in ioremap_prot() CVE-2026-23346
• atm: lec: fix null-ptr-deref in lec_arp_clear_vccs CVE-2026-23286
• bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing CVE-2026-23383
• bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim CVE-2026-23319