Bug 2450780 (CVE-2026-28753)

Summary: CVE-2026-28753 NGINX: NGINX Plus: NGINX Open Source: NGINX Plus and NGINX Open Source: Request manipulation via header injection in SMTP upstream requests
Product: [Other] Security Response
Reporter: OSIDB Bzimport <bzimport>
Component: vulnerability
Assignee: Product Security DevOps Team <prodsec-dev>
Status: NEW ---
QA Contact:
Severity: low
Docs Contact:
Priority: low
Version: unspecified
Keywords: Security
Target Milestone: ---
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: ---
Doc Text:
A flaw was found in NGINX Plus and NGINX Open Source, specifically within the ngx_mail_smtp_module. This vulnerability allows an attacker-controlled DNS (Domain Name System) server to inject arbitrary headers into SMTP (Simple Mail Transfer Protocol) upstream requests. It is caused by improper handling of Carriage Return Line Feed (CRLF) sequences in DNS responses: a name returned by the resolver is placed into the upstream request without rejecting line terminators, so a CRLF inside the name starts a new line of the request. The primary consequence is the potential manipulation of these requests, which could alter their intended behavior.
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 2450842
Bug Blocks:

Description OSIDB Bzimport 2026-03-24 15:02:06 UTC
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_smtp_module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to potential request manipulation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
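The defensive check this record implies, as an added illustration that is not nginx's code and not the patch for this bug: a resolver answer is untrusted input, so before it is spliced into any upstream SMTP line it must be restricted to hostname bytes, which rejects CR and LF outright. The command token `UPSTREAM-CMD` and both sample names are constructed placeholders; the record does not name the specific upstream command involved.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Added example, not nginx code: accept a resolver-supplied name only if
 * every byte is a hostname character. Any other byte (CR, LF, space, '=',
 * non-ASCII) is rejected, so the name can never terminate the current
 * protocol line or start another one.
 */
int resolved_name_is_safe(const char *name, size_t len)
{
    size_t i;

    if (len == 0 || len > 253) {          /* practical DNS name length bound */
        return 0;
    }

    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char) name[i];
        int alnum = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')
                    || (c >= '0' && c <= '9');

        if (!alnum && c != '-' && c != '.') {
            return 0;
        }
    }

    return 1;
}

/*
 * Build "UPSTREAM-CMD NAME=<name>\r\n" into out. UPSTREAM-CMD is a
 * placeholder for whichever upstream command embeds the resolved name (an
 * assumption; the record does not say which). Returns the number of bytes
 * written, or -1 if the name was rejected or out is too small.
 */
int build_upstream_line(const char *name, size_t len, char *out, size_t outlen)
{
    const char *prefix = "UPSTREAM-CMD NAME=";
    size_t plen = strlen(prefix);
    size_t need = plen + len + 2;          /* trailing CRLF */

    if (!resolved_name_is_safe(name, len) || need + 1 > outlen) {
        return -1;
    }

    memcpy(out, prefix, plen);
    memcpy(out + plen, name, len);
    out[need - 2] = '\r';
    out[need - 1] = '\n';
    out[need] = '\0';
    return (int) need;
}

int main(void)
{
    char line[512];
    /* constructed resolver answers: a normal name and one carrying a CRLF */
    const char good[] = "mail.example.com";
    const char bad[]  = "mail.example.com\r\nSECOND-LINE";
    int n;

    n = build_upstream_line(good, sizeof(good) - 1, line, sizeof(line));
    printf("normal name: %d bytes, one line\n", n);

    n = build_upstream_line(bad, sizeof(bad) - 1, line, sizeof(line));
    printf("name with CRLF: %d (rejected before it reaches the upstream)\n", n);
    return 0;
}
```

An allow-list of hostname bytes is preferable to stripping CR and LF after the fact: it also rejects spaces and `=` that could change how the rest of the line is parsed, and it fails closed when the resolver returns something that is not a name at all.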