NGINX ngx_stream_ssl_module vulnerability_CVE-2026-28755

5.4 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Description

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_stream_ssl_module module due to the improper handling of revoked certificates when configured with the ssl_verify_client on and ssl_ocsp on directives, allowing the TLS handshake to succeed even after an OCSP check identifies the certificate as revoked.

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Basic Information

ID CVE-2026-28755

Source f5

Published Mar 24, 2026 at 14:13

Modified Mar 24, 2026 at 15:24

Affected Product

Vendor F5

Product NGINX Open Source

Version 1.29.0

Affected Versions F5 NGINX Open Source 1.29.0
F5 NGINX Open Source 1.27.2
F5 NGINX Plus R36
F5 NGINX Plus R35
F5 NGINX Plus R34
F5 NGINX Plus R33

CWE Classification

CWE-863

References

my.f5.com /manage/s/article/K000160368

{
    "lastseen": "",
    "description": "NGINX Plus and NGINX Open Source have a vulnerability in the ngx_stream_ssl_module module due to the improper handling of revoked certificates when configured with the ssl_verify_client on and ssl_ocsp on directives, allowing the TLS handshake to succeed even after an OCSP check identifies the certificate as revoked. \u00a0 \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
    "published": "2026-03-24T14:13:26.502Z",
    "modified": "2026-03-24T15:24:16.108Z",
    "type": "cve",
    "title": "NGINX ngx_stream_ssl_module vulnerability",
    "source": "f5",
    "references": "https://my.f5.com/manage/s/article/K000160368",
    "id": "CVE-2026-28755",
    "bulletinFamily": "",
    "cwe": [
        "CWE-863"
    ],
    "cvelist": null,
    "sourceData": "F5 NGINX Open Source 1.29.0\nF5 NGINX Open Source 1.27.2\nF5 NGINX Plus R36\nF5 NGINX Plus R35\nF5 NGINX Plus R34\nF5 NGINX Plus R33",
    "sourceHref": "",
    "cvss": {
        "score": 5.4,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "NGINX Open Source",
    "version": "1.29.0",
    "vendor": "F5",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}