nginx 0.3.50 < 1.30.3 / 1.31.x < 1.31.2 Buffer Overread in ngx_http_charset_module

The installed version of nginx is 0.3.50 prior to 1.30.3, or 1.31.x prior to 1.31.2. It is, therefore, affected by the following issue : - NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpcharsetmodule module. When content is served or proxied through a location block with both...

Linux Distros Unpatched Vulnerability : CVE-2026-42055

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the...

USN-8398-3 nginx vulnerability

USN-8398-1 fixed a vulnerability in nginx. The update caused a regression and was temporarily reverted in USN-8398-2. This update introduces a complete fix for CVE-2026-49975. We apologize for the inconvenience. Original advisory details: It was discovered that nginx incorrectly handled certain...

TencentOS Server 4: nginx (TSSA-2026:0398)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0398 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

Amazon Linux 2023 : nginx, nginx-all-modules, nginx-core (ALAS2023-2026-1773)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1773 advisory. NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-...

Important: nginx

Issue Overview: NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures for example, ^/.$ and a replacement string...

Amazon Linux 2 : nginx, --advisory ALAS2NGINX1-2026-013 (ALASNGINX1-2026-013)

The version of nginx installed on the remote host is prior to 1.30.2-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2NGINX1-2026-013 advisory. NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when a...

RockyLinux 10 : nginx (RLSA-2026:19159)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19159 advisory. nginx: NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945 Tenable has extracted the preceding description block directly from the RockyLinux security...

New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare

Cybersecurity researchers have discovered a remote denial-of-service exploit that affects major web servers, including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora. The vulnerability has been codenamed HTTP/2 Bomb by Calif. "The vulnerable behavior exists in each server's...

May Linux Patch Wednesday

May Linux Patch Wednesday. A total of 1,638 vulnerabilities 474 in the Linux kernel. For comparison, in April there were 1,035 vulnerabilities a record!. And this time it turns out to be a record again, more than one and a half times higher! The acceleration is both impressive and alarming. But w...

Critical: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.14.33 security, enhancement & bug fix update

Red Hat OpenShift Data Foundation 4.14.33 security, enhancement & bug fix update Red Hat OpenShift Data Foundation 4.14.33 security, enhancement & bug fix update FIXED BUGS: ========== DFBUGS-6993: RHODF 4.14.33 release NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945...

Critical: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.16.29 security, enhancement & bug fix update

Red Hat OpenShift Data Foundation 4.16.29 security, enhancement & bug fix update Red Hat OpenShift Data Foundation 4.16.29 security, enhancement & bug fix update FIXED BUGS: ========== DFBUGS-7034: RHODF 4.16.29 release NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945...

Critical: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.18.23 security, enhancement & bug fix update

Red Hat OpenShift Data Foundation 4.18.23 security, enhancement & bug fix update Red Hat OpenShift Data Foundation 4.18.23 security, enhancement & bug fix update FIXED BUGS: ========== DFBUGS-7032: RHODF 4.18.23 release NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945...

Critical: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.21.6 security, enhancement & bug fix update

Red Hat OpenShift Data Foundation 4.21.6 security, enhancement & bug fix update Red Hat OpenShift Data Foundation 4.21.6 security, enhancement & bug fix update FIXED BUGS: ========== DFBUGS-6964: RHODF 4.21.6 release NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945...

Exploit for CVE-2026-42945

CVE-2026-42945-Nginx-RCE-bypass-ASLR CVE-202...

Exploit for CVE-2026-42945

NGINX Rift — CVE-2026-42945 RCE proof-of-concept for CVE-20...

RockyLinux 9 : nginx (RLSA-2026:18029)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:18029 advisory. nginx: NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945 Tenable has extracted the preceding description block directly from the RockyLinux security...

TencentOS Server 3: nginx:1.24 (TSSA-2026:0338)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0338 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : nginx vulnerability (USN-8271-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8271-1 advisory. It was discovered that the nginx ngxhttprewritemodule component incorrectly handled certain rewrite directives. A remote attacker...

Critical: Red Hat Security Advisory: nginx security update

An update for nginx is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...