{"id":11376,"date":"2026-03-31T10:55:47","date_gmt":"2026-03-31T16:55:47","guid":{"rendered":"https:\/\/beaconlab.us\/?post_type=publicacion&#038;p=11376"},"modified":"2026-03-31T10:55:48","modified_gmt":"2026-03-31T16:55:48","slug":"alerta-2026-32-vulnerabilidad-criticas-en-productos-nginx","status":"publish","type":"publicacion","link":"https:\/\/beaconlab.us\/es\/publicacion\/alerta-2026-32-vulnerabilidad-criticas-en-productos-nginx\/","title":{"rendered":"Alert 2026-32 Critical vulnerabilities in NGINX products"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Affected product(s):<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>NGINX Open Source<\/strong>: Versions 0.5.13 through 1.29.6.<\/li>\n\n\n\n<li><strong>NGINX Plus<\/strong>: Affected depending on the specific modules enabled.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Description<\/h2>\n\n\n\n<p>Critical RCE vulnerabilities have been identified in NGINX products that allow denial of service, arbitrary code execution, or writing files outside the root directory, tracked as CVE-2026-27654 with CVSSv3.1 8.2, CVE-2026-32647 with CVSSv3.1 7.8 and CVE-2026-27651 with CVSSv3.1 7.5.<\/p>\n\n\n\n<p>The most important and critical vulnerabilities are detailed below<strong>:<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td><strong>CVE<\/strong><\/td><td><strong>Score<\/strong><\/td><td><strong>Description<\/strong><\/td><\/tr><tr><td><strong>CVE-2026-27654<\/strong><\/td><td>8.2<\/td><td>Buffer overflow in ngx_http_dav_module via the MOVE\/COPY methods; allows DoS or modification of files outside the root.<\/td><\/tr><tr><td><strong>CVE-2026-32647<\/strong><\/td><td>7.8<\/td><td>Out-of-bounds read\/write in ngx_http_mp4_module with malicious MP4 files; allows DoS or 
local code execution.<\/td><\/tr><tr><td><strong>CVE-2026-27651<\/strong><\/td><td>7.5<\/td><td>NULL dereference in ngx_mail_auth_http_module (CRAM-MD5\/APOP); causes termination of remote workers.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Solution:<\/h2>\n\n\n\n<p>The vendor recommends updating the affected products to the latest stable version from nginx.org:<\/p>\n\n\n\n<p><a href=\"https:\/\/nginx.org\/en\/download.html\">https:\/\/nginx.org\/en\/download.html<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Mitigation:<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Disable unnecessary modules (dav, mp4, mail auth) until patched.<\/li>\n\n\n\n<li>Monitor logs for suspicious requests to affected endpoints.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Additional information:<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2026-27654\">https:\/\/www.cve.org\/CVERecord?id=CVE-2026-27654<\/a><\/li>\n\n\n\n<li>https:\/\/www.cve.org\/CVERecord?id=CVE-2026-32647<\/li>\n\n\n\n<li>https:\/\/www.cve.org\/CVERecord?id=CVE-2026-27651<\/li>\n\n\n\n<li>https:\/\/nginx.org\/en\/security_advisories.html<\/li>\n<\/ul>\n","protected":false},"featured_media":11377,"template":"","class_list":["post-11376","publicacion","type-publicacion","status-publish","has-post-thumbnail","hentry"],"acf":{"activar_pdf_link":false,"pdf":null,"numero_de_boletin":"32","traffic_light_protocol":"White"},"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/beaconlab.us\/es\/wp-json\/wp\/v2\/publicacion\/11376","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/beaconlab.us\/es\/wp-json\/wp\/v2\/publicacion"}],"about":[{"href":"https:\/\/beaconlab.us\/es\/wp-json\/wp\/v2\/types\/publicacion"}],"version-history":[{"count":1,"href":"https:\/\/beaconlab.us\/es\/wp-json\/wp\/v2\/publicacion\/11376\/revisions"}],"predecessor-ve
rsion":[{"id":11379,"href":"https:\/\/beaconlab.us\/es\/wp-json\/wp\/v2\/publicacion\/11376\/revisions\/11379"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/beaconlab.us\/es\/wp-json\/wp\/v2\/media\/11377"}],"wp:attachment":[{"href":"https:\/\/beaconlab.us\/es\/wp-json\/wp\/v2\/media?parent=11376"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}