176 matches found
Buffer overflow in the ngx_http_rewrite_module
Buffer overflow in the ngxhttprewritemodule Severity: medium CVE-2026-9256 Not vulnerable: 1.31.1+, 1.30.2+ Vulnerable: 0.1.17-1.31.0...
K000161377: NGINX ngx_http_rewrite_module vulnerability CVE-2026-9256
Security Advisory Description NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures for example, ^/.$ and a...
OESA-2026-2408 nginx security update
NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Security Fixes: NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when the rewrite directive is followed by a...
OESA-2026-2407 nginx security update
NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Security Fixes: NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when the rewrite directive is followed by a...
OESA-2026-2406 nginx security update
NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Security Fixes: NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when the rewrite directive is followed by a...
OESA-2026-2405 nginx security update
NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Security Fixes: NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when the rewrite directive is followed by a...
F5 NGINX Plus和F5 NGINX Open Source 安全漏洞
F5 NGINX Plus and F5 NGINX Open Source are both products of the American company F5. F5 NGINX Plus is a software-based application delivery platform. F5 NGINX Open Source is a high-performance web server, reverse proxy server, load balancer, and API gateway. Both F5 NGINX Plus and F5 NGINX Open...
PT-2026-42776
Name of the Vulnerable Software and Affected Versions NGINX Plus versions prior to 37.0.1.1 NGINX Plus versions prior to R32 P7 NGINX Plus versions prior to R36 P5 NGINX Open Source versions 0.1.17 through 1.30.1 NGINX Open Source versions prior to 1.31.1 Description A heap buffer overflow exists...
TencentOS Server 3: nginx:1.24 (TSSA-2026:0338)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0338 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
nginx -- heap buffer overflow in ngx_http_rewrite_module
The nginx developers report: A heap memory buffer overflow might occur in a worker process when using a configuration with overlapping captures in ngxhttprewritemodule, potentially resulting in arbitrary code execution CVE-2026-9256...
CLSA-2026-1779367740 Fix CVE(s): CVE-2026-42945
SECURITY UPDATE: fix heap buffer overrun in ngxhttprewritemodule when rewrite is followed by set/if/rewrite with unnamed PCRE captures - debian/patches/CVE-2026-42945.patch: fix heap buffer overrun in ngxhttprewritemodule when rewrite is followed by set/if/rewrite with unnamed PCRE captures -...
nginx: Fix of CVE-2026-42945
CVE-2026-42945: fix heap buffer overflow in ngxhttprewritemodule...
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : nginx vulnerability (USN-8271-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8271-1 advisory. It was discovered that the nginx ngxhttprewritemodule component incorrectly handled certain rewrite directives. A remote attacker...
nginx: NGINX: Arbitrary Code Execution Vulnerability
A flaw was found in NGINX, specifically within the ngxhttprewritemodule. An unauthenticated attacker can exploit this vulnerability by sending crafted HTTP requests under specific rewrite configurations. This can lead to a heap buffer overflow in the NGINX worker process, which may result in...
nginx: NGINX: Arbitrary Code Execution Vulnerability
A flaw was found in NGINX, specifically within the ngxhttprewritemodule. An unauthenticated attacker can exploit this vulnerability by sending crafted HTTP requests under specific rewrite configurations. This can lead to a heap buffer overflow in the NGINX worker process, which may result in...
nginx: NGINX: Arbitrary Code Execution Vulnerability
A flaw was found in NGINX, specifically within the ngxhttprewritemodule. An unauthenticated attacker can exploit this vulnerability by sending crafted HTTP requests under specific rewrite configurations. This can lead to a heap buffer overflow in the NGINX worker process, which may result in...
nginx-rift-private-lab
NGINX Rift RCE Proof of concept for CVE-2026-42945, a cri...
nginx: NGINX: Arbitrary Code Execution Vulnerability
A flaw was found in NGINX, specifically within the ngxhttprewritemodule. An unauthenticated attacker can exploit this vulnerability by sending crafted HTTP requests under specific rewrite configurations. This can lead to a heap buffer overflow in the NGINX worker process, which may result in...
CLSA-2026-1779126860 nginx: Fix of CVE-2026-42945
CVE-2026-42945: fix heap buffer overrun in ngxhttprewritemodule when rewrite is followed by set/if/rewrite with unnamed PCRE captures...
CLSA-2026-1779126256 Fix CVE(s): CVE-2026-42945
SECURITY UPDATE: fix heap buffer overrun in ngxhttprewritemodule when rewrite is followed by set/if/rewrite with unnamed PCRE captures - debian/patches/CVE-2026-42945.patch: fix heap buffer overrun in ngxhttprewritemodule when rewrite is followed by set/if/rewrite with unnamed PCRE captures -...