A vulnerability labeled as problematic has been found in F5 NGINX Open Source and NGINX Plus . Affected by this issue is the function ngx_http_mp4_module . The manipulation results in out-of-bounds read. This vulnerability is reported as CVE-2026-32647 . The attack requires a local approach. No exploit exists. The affected component should be upgraded.