CVE-2026-42945
NGINX ngx_http_rewrite_module vulnerability
Description
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
INFO
Published Date :
May 13, 2026, 4:16 p.m.
Last Modified :
June 27, 2026, 5:16 a.m.
Remotely Exploit :
Yes !
Source :
[email protected]
Affected Products
The following products are affected by CVE-2026-42945
vulnerability.
Even if cvefeed.io is aware of the exact versions of the
products
that
are
affected, the information is not represented in the table below.
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | |||||
| CVSS 3.1 | HIGH | 9dacffd4-cb11-413f-8451-fbbfd4ddc0ab | ||||
| CVSS 3.1 | HIGH | [email protected] | ||||
| CVSS 3.1 | HIGH | MITRE-CVE | ||||
| CVSS 3.1 | HIGH | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | ||||
| CVSS 4.0 | CRITICAL | 9dacffd4-cb11-413f-8451-fbbfd4ddc0ab | ||||
| CVSS 4.0 | CRITICAL | [email protected] |
Solution
- Update NGINX to a fixed version.
- Apply vendor patches for NGINX.
- Ensure ASLR is enabled on systems.
Public PoC/Exploit Available at Github
CVE-2026-42945 has a 99 public
PoC/Exploit available at Github.
Go to the Public Exploits tab to see the list.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2026-42945.
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2026-42945 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2026-42945
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Multi-vector DevOps attack surface analysis — 18 CVEs across 12 tools mapped into a 9-layer kill chain. Includes deep-dive docs, attack chain simulations, and 56 detection rules (YARA, Sigma, Snort). NGINX → Argo CD → Grafana → Docker → Jenkins → Kubernetes → Prometheus → Ansible → Linux → GitHub
YARA Python
well i dislike beeing called to much. that s just not fair
Java
A flaw was found in NGINX, specifically within the ngx_http_rewrite_module. An unauthenticated attacker can exploit this vulnerability by sending crafted HTTP requests under specific rewrite configurations. This can lead to a heap buffer overflow in the NGINX worker process, which may result in arbitrary code execution
Python
Complete Pentester Roadmap using free TryHackMe rooms
None
Python Shell HTML TypeScript Makefile Go CSS JavaScript
Standalone Python 3 proof-of-concept exploits for recent CVEs - each with a write-up and a screenshot of a real run. For authorized security testing and education only.
cve exploit penetration-testing poc proof-of-concept python security-research vulnerability
Python C
Technical analysis of CVE-2026-42945 (NGINX Rift), a critical heap buffer overflow in NGINX's rewrite engine caused by a state mismatch between length calculation and copy operations, enabling worker crashes and potential remote code execution.
None
Dockerfile Python Shell
A dynamically growing portfolio of practical cybersecurity labs covering SOC operations, penetration testing, and real-world vulnerability mitigation.
None
Dockerfile Java Python Batchfile Shell C
None
Dockerfile Shell HTML PHP Python
Ping7 defensive CVE tools, GitHub pages, and repair guides
cve incident-response ping7 security-tools vulnerability-management
CVE-2026-42945 — NGINX Rewrite Module Heap Buffer Overflow RCE checker & Metasploit module
Python Ruby
Python RCE PoC with reverse-shell listener for CVE-2026-42945 (NGINX Rift)
Python
None
Dockerfile Rust
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2026-42945 vulnerability anywhere in the article.
-
The Hacker News
F5 Patches Two Critical NGINX Open Source Flaws Enabling Remote Code Execution
Ravie LakshmananJun 18, 2026Vulnerability / Cloud Security F5 has released security updates to address two critical security flaws in NGINX Open Source that could be exploited to achieve code execut ... Read more
-
The Hacker News
Google June 2026 Android Update Patches 124 Flaws, One Actively Exploited
Google on Monday released patches for 124 security vulnerabilities impacting its Android operating system for the month of June 2026, including one high-severity flaw in the Framework component that h ... Read more
-
The Hacker News
Gamaredon Exploits WinRAR to Deliver GammaWorm and GammaSteel Against Ukraine
The Russian hacking group known as Gamaredon has been attributed to the continued exploitation of a WinRAR vulnerability to deliver multiple malware families aimed at data theft and propagation. Per S ... Read more
-
The Hacker News
Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security flaw impacting Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) Catalog, ba ... Read more
-
The Hacker News
Critical WP Maps Pro Flaw Actively Exploited to Create Admin Accounts
Threat actors are attempting to actively exploit a critical security flaw impacting WP Maps Pro, a WordPress plugin that has had over 15,000 sales on the Envato Market, to create malicious administrat ... Read more
-
The Hacker News
PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation
Palo Alto Networks has warned that a recently disclosed medium-severity security flaw impacting PAN-OS and Prisma Access has come under active exploitation in the wild. The vulnerability, tracked as C ... Read more
-
The Hacker News
Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit
An unknown threat actor has been observed using a large language model (LLM) agent to conduct post-compromise actions after obtaining initial access following the exploitation of a publicly-accessible ... Read more
-
The Hacker News
Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer
Threat actors are continuing to exploit a critical, now-patched security flaw impacting FortiClient Endpoint Management Server (EMS) deployments to deliver credential-stealing malware. "The campaign a ... Read more
-
The Hacker News
Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal
Microsoft has come out strongly in favor of Coordinated Vulnerability Disclosure (CVD), urging the research community to share their findings and give affected vendors an opportunity to better underst ... Read more
-
The Hacker News
ThreatsDay Bulletin: Claude Security Plugin, Azure Priv-Esc, Kali365 MFA Bypass, FIFA Scams +15 More
Every time you think the industry has finally stopped doing some reckless, low-effort crap, somebody spins up a fresh box full of sketchy loaders, fake installers, recycled social-engineering bait, an ... Read more
-
The Hacker News
AI Chatbot Recommendations Redirect Users to Cryptojacking Malware Sites
Microsoft has warned of an active cryptojacking campaign that makes use of artificial intelligence (AI) chatbot interactions as a mechanism for surfacing malicious download sites. "This emerging deliv ... Read more
-
The Hacker News
Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions
Microsoft has rolled out updates to fix a remote code execution vulnerability impacting SharePoint that could be exploited by bad actors in attacks without requiring any specialized conditions to be m ... Read more
-
The Hacker News
KnowledgeDeliver LMS Flaw Exploited to Deploy Godzilla and Cobalt Strike
A now-patched high-severity security flaw affecting Digital Knowledge KnowledgeDeliver, a Learning Management System (LMS) popular in Japan, was exploited as a zero-day to deliver the Godzilla web she ... Read more
-
The Hacker News
Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks
Threat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject malicious JavaScript code with an aim to fuel ClickFix attacks. According to QiAnXin XLab, the activity ... Read more
-
CybersecurityNews
Nginx-poolslip Vulnerability Enables DoS and Code Execution Attacks — Patch Now!
A newly disclosed flaw in one of the world’s most widely deployed web servers is forcing administrators into another emergency patch cycle. Tracked as CVE-2026-9256 and publicly nicknamed nginx-poolsl ... Read more
-
CybersecurityNews
New NGINX 0-Day RCE “nginx-poolslip” Affects Millions of NGINX Servers
A newly disclosed zero-day remote code execution (RCE) vulnerability, dubbed nginx-poolslip, has been identified in NGINX version 1.31.0, the latest stable release of the widely deployed web server so ... Read more
-
The Cyber Express
Critical ChromaDB Flaw Exposes AI Vector Databases to Remote Code Execution
The security issue tracked as CVE-2026-45829, often referred to in analysis as ChromaToast Served Pre-Auth, affects the open-source vector database ChromaDB. ChromaDB is widely used for semantic searc ... Read more
-
The Cyber Express
Critical NGINX Vulnerability CVE-2026-42945 Now Under Active Attack
Cybersecurity researchers are warning that attackers have already started exploiting a newly disclosed NGINX vulnerability, tracked as CVE-2026-42945, just days after technical details and proof-of-co ... Read more
-
CybersecurityNews
Hackers Actively Exploiting Critical NGINX RCE Vulnerability in the Wild
Hackers are wasting no time exploiting a newly disclosed critical vulnerability in NGINX, with security researchers already observing real-world attacks just days after its public release. Security re ... Read more
-
TheCyberThrone
Pwn2Own Berlin 2026 a Detailed Report
The curtain has fallen on Pwn2Own Berlin 2026. Three days. 47 unique zero-day vulnerabilities. $1,298,250 in total payouts. And a competition that, for the first time in its 19-year history, ran out o ... Read more
The following table lists the changes that have been made to the
CVE-2026-42945 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
CVE Modified by 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Jun. 27, 2026
Action Type Old Value New Value Added Affected [{'cpes': ['cpe:/o:redhat:enterprise_linux_eus:10.0'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream EUS (v. 10.0)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux:10.1', 'cpe:/o:redhat:enterprise_linux:10.2'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream (v. 10)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:enterprise_linux:8::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream (v. 8)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_e4s:9.0::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream E4S (v.9.0)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_e4s:9.2::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream E4S (v.9.2)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_eus:9.4::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream EUS (v.9.4)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_eus:9.6::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream EUS (v.9.6)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:enterprise_linux:9::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream (v. 9)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux_eus:10.0'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux:10.1', 'cpe:/o:redhat:enterprise_linux:10.2'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_eus:9.4::crb'], 'vendor': 'Red Hat', 'product': 'Red Hat CodeReady Linux Builder EUS (v.9.4)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_eus:9.6::crb'], 'vendor': 'Red Hat', 'product': 'Red Hat CodeReady Linux Builder EUS (v.9.6)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:enterprise_linux:9::crb'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:hummingbird:1'], 'vendor': 'Red Hat', 'product': 'Red Hat Hardened Images', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift_data_foundation:4.14::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat Openshift Data Foundation 4.14', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift_data_foundation:4.15::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat Openshift Data Foundation 4.15', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift_data_foundation:4.16::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat Openshift Data Foundation 4.16', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift_data_foundation:4.17::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat Openshift Data Foundation 4.17', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift_data_foundation:4.18::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat Openshift Data Foundation 4.18', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift_data_foundation:4.19::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat Openshift Data Foundation 4.19', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift_data_foundation:4.21::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat Openshift Data Foundation 4.21', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift_data_foundation:4.20::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat Openshift Data Foundation 4.2', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:satellite:6.18::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat Satellite 6.18', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:satellite:6.19::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat Satellite 6.19', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhui:5::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat Update Infrastructure 5', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:red_hat_3scale_amp:2'], 'vendor': 'Red Hat', 'product': 'Red Hat 3scale API Management Platform 2', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:insights_proxy:1'], 'vendor': 'Red Hat', 'product': 'Red Hat Lightspeed proxy 1', 'defaultStatus': 'affected'}] Added CVSS V3.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Added CWE CWE-131 Added Reference https://access.redhat.com/errata/RHSA-2026:17417 Added Reference https://access.redhat.com/errata/RHSA-2026:17751 Added Reference https://access.redhat.com/errata/RHSA-2026:17752 Added Reference https://access.redhat.com/errata/RHSA-2026:17753 Added Reference https://access.redhat.com/errata/RHSA-2026:17790 Added Reference https://access.redhat.com/errata/RHSA-2026:17791 Added Reference https://access.redhat.com/errata/RHSA-2026:17792 Added Reference https://access.redhat.com/errata/RHSA-2026:17793 Added Reference https://access.redhat.com/errata/RHSA-2026:17794 Added Reference https://access.redhat.com/errata/RHSA-2026:18029 Added Reference https://access.redhat.com/errata/RHSA-2026:18041 Added Reference https://access.redhat.com/errata/RHSA-2026:18063 Added Reference https://access.redhat.com/errata/RHSA-2026:19159 Added Reference https://access.redhat.com/errata/RHSA-2026:19371 Added Reference https://access.redhat.com/errata/RHSA-2026:19372 Added Reference https://access.redhat.com/errata/RHSA-2026:19374 Added Reference https://access.redhat.com/errata/RHSA-2026:20442 Added Reference https://access.redhat.com/errata/RHSA-2026:20444 Added Reference https://access.redhat.com/errata/RHSA-2026:21275 Added Reference https://access.redhat.com/errata/RHSA-2026:22382 Added Reference https://access.redhat.com/errata/RHSA-2026:22383 Added Reference https://access.redhat.com/errata/RHSA-2026:22388 Added Reference https://access.redhat.com/errata/RHSA-2026:22389 Added Reference https://access.redhat.com/errata/RHSA-2026:22390 Added Reference https://access.redhat.com/errata/RHSA-2026:22393 Added Reference https://access.redhat.com/errata/RHSA-2026:22394 Added Reference https://access.redhat.com/errata/RHSA-2026:22396 Added Reference https://access.redhat.com/security/cve/CVE-2026-42945 Added Reference https://bugzilla.redhat.com/show_bug.cgi?id=2477116 Added Reference https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42945.json -
Reanalysis by [email protected]
Jun. 18, 2026
Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:* versions from (including) 4.0.0 up to (including) 4.0.1 *cpe:2.3:a:f5:nginx_app_protect_dos:*:*:*:*:*:*:*:* versions from (including) 4.3.0 up to (including) 4.7.0 *cpe:2.3:a:f5:nginx_app_protect_waf:*:*:*:*:*:*:*:* versions from (including) 4.9.0 up to (including) 4.16.0 *cpe:2.3:a:f5:nginx_app_protect_waf:*:*:*:*:*:*:*:* versions from (including) 5.1.0 up to (including) 5.8.0 *cpe:2.3:a:f5:nginx_gateway_fabric:*:*:*:*:*:*:*:* versions from (including) 1.3.0 up to (including) 1.6.2 *cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:* versions from (including) 3.5.0 up to (including) 3.7.2 *cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:* versions from (including) r32 up to (including) r36 *cpe:2.3:a:f5:nginx_gateway_fabric:*:*:*:*:*:*:*:* versions from (including) 2.0.0 up to (including) 2.5.1 *cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:* versions from (including) 5.0.0 up to (including) 5.4.1 *cpe:2.3:a:f5:nginx_instance_manager:*:*:*:*:*:*:*:* versions from (including) 2.16.0 up to (including) 2.21.1 *cpe:2.3:a:f5:nginx_open_source:*:*:*:*:*:*:*:* versions from (including) 0.6.27 up to (including) 1.30.0 *cpe:2.3:a:f5:dos:4.8.0:*:*:*:*:nginx:*:* *cpe:2.3:a:f5:waf:*:*:*:*:*:nginx:*:* versions from (including) 5.9.0 up to (including) 5.12.1 OR *cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:* versions from (including) 4.0.0 up to (including) 4.0.1 *cpe:2.3:a:f5:nginx_gateway_fabric:*:*:*:*:*:*:*:* versions from (including) 1.3.0 up to (including) 1.6.2 *cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:* versions from (including) 3.5.0 up to (including) 3.7.2 *cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:* versions from (including) r32 up to (including) r36 *cpe:2.3:a:f5:nginx_gateway_fabric:*:*:*:*:*:*:*:* versions from (including) 2.0.0 up to (including) 2.5.1 *cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:* versions from (including) 5.0.0 up to (including) 5.4.1 *cpe:2.3:a:f5:nginx_instance_manager:*:*:*:*:*:*:*:* versions from (including) 2.16.0 up to (including) 2.21.1 *cpe:2.3:a:f5:nginx_open_source:*:*:*:*:*:*:*:* versions from (including) 0.6.27 up to (including) 1.30.0 *cpe:2.3:a:f5:dos:4.8.0:*:*:*:*:nginx:*:* *cpe:2.3:a:f5:waf:*:*:*:*:*:nginx:*:* versions from (including) 5.9.0 up to (including) 5.12.1 *cpe:2.3:a:f5:dos:*:*:*:*:*:nginx:*:* versions from (including) 4.3.0 up to (including) 4.7.0 *cpe:2.3:a:f5:waf:*:*:*:*:*:nginx:*:* versions from (including) 5.1.0 up to (including) 5.8.0 *cpe:2.3:a:f5:waf:*:*:*:*:*:nginx:*:* versions from (including) 4.9.0 up to (including) 4.16.0 -
Initial Analysis by [email protected]
Jun. 17, 2026
Action Type Old Value New Value Added CPE Configuration OR *cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:* versions from (including) 4.0.0 up to (including) 4.0.1 *cpe:2.3:a:f5:nginx_app_protect_dos:*:*:*:*:*:*:*:* versions from (including) 4.3.0 up to (including) 4.7.0 *cpe:2.3:a:f5:nginx_app_protect_waf:*:*:*:*:*:*:*:* versions from (including) 4.9.0 up to (including) 4.16.0 *cpe:2.3:a:f5:nginx_app_protect_waf:*:*:*:*:*:*:*:* versions from (including) 5.1.0 up to (including) 5.8.0 *cpe:2.3:a:f5:nginx_gateway_fabric:*:*:*:*:*:*:*:* versions from (including) 1.3.0 up to (including) 1.6.2 *cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:* versions from (including) 3.5.0 up to (including) 3.7.2 *cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:* versions from (including) r32 up to (including) r36 *cpe:2.3:a:f5:nginx_gateway_fabric:*:*:*:*:*:*:*:* versions from (including) 2.0.0 up to (including) 2.5.1 *cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:* versions from (including) 5.0.0 up to (including) 5.4.1 *cpe:2.3:a:f5:nginx_instance_manager:*:*:*:*:*:*:*:* versions from (including) 2.16.0 up to (including) 2.21.1 *cpe:2.3:a:f5:nginx_open_source:*:*:*:*:*:*:*:* versions from (including) 0.6.27 up to (including) 1.30.0 *cpe:2.3:a:f5:dos:4.8.0:*:*:*:*:nginx:*:* *cpe:2.3:a:f5:waf:*:*:*:*:*:nginx:*:* versions from (including) 5.9.0 up to (including) 5.12.1 Added Reference Type F5 Networks: https://my.f5.com/manage/s/article/K000161019 Types: Mitigation, Vendor Advisory Added Reference Type CVE: https://depthfirst.com/nginx-rift Types: Mitigation, Technical Description, Third Party Advisory Added Reference Type CVE: https://github.com/DepthFirstDisclosures/Nginx-Rift Types: Exploit, Third Party Advisory -
CVE Modified by [email protected]
Jun. 17, 2026
Action Type Old Value New Value Added Affected [{'vendor': 'F5', 'modules': ['ngx_http_rewrite_module'], 'product': 'NGINX Plus', 'versions': [{'status': 'unaffected', 'version': 'R37', 'lessThan': '*', 'versionType': 'custom'}, {'status': 'affected', 'version': 'R36', 'lessThan': 'R36 P4', 'versionType': 'custom'}, {'status': 'affected', 'version': 'R32', 'lessThan': 'R32 P6', 'versionType': 'custom'}], 'defaultStatus': 'unknown'}, {'vendor': 'F5', 'modules': ['ngx_http_rewrite_module'], 'product': 'NGINX Open Source', 'versions': [{'status': 'unaffected', 'version': '1.31.0', 'lessThan': '*', 'versionType': 'semver'}, {'status': 'affected', 'version': '0.6.27', 'lessThan': '1.30.1', 'versionType': 'semver'}], 'defaultStatus': 'unaffected'}] -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Jun. 17, 2026
Action Type Old Value New Value Added SSVC {'id': 'CVE-2026-42945', 'role': 'CISA Coordinator', 'options': [{'exploitation': 'none'}, {'automatable': 'no'}, {'technicalImpact': 'total'}], 'version': '2.0.3', 'timestamp': '2026-05-13T00:00:00+00:00'} -
CVE Modified by [email protected]
May. 21, 2026
Action Type Old Value New Value Changed Description NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, for systems with Address Space Layout Randomization (ASLR ) disabled, code execution is possible. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. -
CVE Modified by af854a3a-2127-422b-91ae-364da2661108
May. 14, 2026
Action Type Old Value New Value Added Reference https://github.com/DepthFirstDisclosures/Nginx-Rift -
CVE Modified by af854a3a-2127-422b-91ae-364da2661108
May. 14, 2026
Action Type Old Value New Value Added Reference https://depthfirst.com/nginx-rift -
New CVE Received by [email protected]
May. 13, 2026
Action Type Old Value New Value Added Description NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, for systems with Address Space Layout Randomization (ASLR ) disabled, code execution is possible. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Added CVSS V4.0 AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Added CVSS V3.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Added CWE CWE-122 Added Reference https://my.f5.com/manage/s/article/K000161019