CVE-2026-42945
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite dire
CVSS
8.1
Alto
EPSS
61.5%
p99
KEV
—
Exploit Today
30
0-100
Publicado: 13 may 2026 · Última mod.: 15 jul 2026 · CWE-122 · CWE-131
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
- my.f5.comhttps://my.f5.com/manage/s/article/K000161019
- depthfirst.comhttps://depthfirst.com/nginx-rift
- github.comhttps://github.com/DepthFirstDisclosures/Nginx-Rift
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:17417
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:17751
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:17752
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:17753
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:17790
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:17791
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:17792
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:17793
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:17794
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:18029
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:18041
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:18063
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:19159
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:19371
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:19372
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:19374
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:20442