A vulnerability categorized as problematic has been discovered in F5 NGINX Open Source and NGINX Plus . Affected is the function ngx_mail_auth_http_module of the component Response Header Handler . Executing a manipulation can lead to null pointer dereference. This vulnerability is registered as CVE-2026-27651 . It is possible to launch the attack remotely. No exploit is available. It is advisable to upgrade the affected component.