A vulnerability identified as critical has been detected in F5 NGINX Open Source and NGINX Plus . Affected by this vulnerability is the function ngx_http_dav_module of the component DAV Module . The manipulation leads to heap-based buffer overflow. This vulnerability is documented as CVE-2026-27654 . The attack can be initiated remotely. There is not any exploit available. You should upgrade the affected component.