31 matches found
ROS-20260626-73-0020
The vulnerability of the ngxhttprewritemodule module in NGINX Plus and NGINX Open Source web servers is related to buffer overflows in dynamic memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause a denial-of-service attack by sending a specially crafte...
RockyLinux 10 : nginx (RLSA-2026:29874)
The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:29874 advisory. nginx: ngxhttprewritemodule: code execution and denial of service CVE-2026-9256 Tenable has extracted the preceding description block directly from the RockyLin...
nginx: ngx_http_rewrite_module: code execution and denial of service
A flaw was found in the ngxhttprewritemodule module of NGINX. When a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures and a replacement string that references multiple such captures in a redirect or arguments context, an...
Exploit for CVE-2026-42945
CVE-2026-42945 - ngxhttprewritemodule module. This vulnerab...
ROS-20260609-73-0007
The vulnerability of the ngxhttprewritemodule module in NGINX Plus and NGINX Open Source web servers is related to buffer overflows in dynamic memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause a denial-of-service attack by sending a specially crafte...
ROS-20260609-73-0014
The vulnerability of the ngxhttprewritemodule module in NGINX Plus and NGINX Open Source web servers is related to buffer overflow in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
BIT-NGINX-2026-9256 NGINX ngx_http_rewrite_module vulnerability
NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures for example, ^/.$ and a replacement string that references...
Exploit for CVE-2026-9256
It should be noted that the /api route used by default in the Po...
Self-Researched-POC
NGINX ngxhttpr...
CLSA-2026-1779804603 Fix CVE(s): CVE-2026-9256
SECURITY UPDATE: Heap buffer overflow in ngxhttprewritemodule via overlapping PCRE captures in replacement strings - debian/patches/CVE-2026-9256.patch: recompute buffer length per capture including escaping in ngxhttpscriptregexstartcode to prevent buffer overrun when redirect parameter is used ...
Exploit for CVE-2026-42945
NGINX Rift — CVE-2026-42945 Vulnerability Scanning and Verific...
SUSE CVE-2026-9256
NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures for example, ^/.$ and a replacement string that references...
CVE-2026-9256
NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures for example, ^/.$ and a replacement string that references...
EUVD-2026-31444
NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures for example, ^/.$ and a replacement string that references...
CVE-2026-9256 NGINX ngx_http_rewrite_module vulnerability
NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures for example, ^/.$ and a replacement string that references...
K000161377: NGINX ngx_http_rewrite_module vulnerability CVE-2026-9256
Security Advisory Description NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures for example, ^/.$ and a...
nginx: NGINX: Arbitrary Code Execution Vulnerability
A flaw was found in NGINX, specifically within the ngxhttprewritemodule. An unauthenticated attacker can exploit this vulnerability by sending crafted HTTP requests under specific rewrite configurations. This can lead to a heap buffer overflow in the NGINX worker process, which may result in...
CLSA-2026-1779126256 Fix CVE(s): CVE-2026-42945
SECURITY UPDATE: fix heap buffer overrun in ngxhttprewritemodule when rewrite is followed by set/if/rewrite with unnamed PCRE captures - debian/patches/CVE-2026-42945.patch: fix heap buffer overrun in ngxhttprewritemodule when rewrite is followed by set/if/rewrite with unnamed PCRE captures -...
Exploit for CVE-2026-42945
CVE-2026-42945 Safe Checker This repository contains a defens...
NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE
A newly disclosed security flaw impacting NGINX Plus and NGINX Open Source has come under active exploitation in the wild, days after its public disclosure, according to VulnCheck. The vulnerability, tracked as CVE-2026-42945 CVSS score: 9.2, is a heap buffer overflow in ngxhttprewritemodule...