9.2
CRITICAL CVSS 4.0
CVE-2026-42945
NGINX ngx_http_rewrite_module vulnerability
Description

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

INFO

Published Date :

May 13, 2026, 4:16 p.m.

Last Modified :

June 27, 2026, 5:16 a.m.

Remotely Exploit :

Yes !
Affected Products

The following products are affected by CVE-2026-42945 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 F5 nginx_instance_manager
2 F5 nginx_ingress_controller
3 F5 nginx_plus
4 F5 nginx_open_source
5 F5 nginx_gateway_fabric
6 F5 dos
7 F5 waf
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 134c704f-9b21-4f2e-91b3-4a467353bcc0
CVSS 3.1 HIGH 9dacffd4-cb11-413f-8451-fbbfd4ddc0ab
CVSS 3.1 HIGH [email protected]
CVSS 3.1 HIGH MITRE-CVE
CVSS 3.1 HIGH 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
CVSS 4.0 CRITICAL 9dacffd4-cb11-413f-8451-fbbfd4ddc0ab
CVSS 4.0 CRITICAL [email protected]
Solution
Update NGINX to a patched version to fix heap buffer overflow and potential code execution.
  • Update NGINX to a fixed version.
  • Apply vendor patches for NGINX.
  • Ensure ASLR is enabled on systems.
Public PoC/Exploit Available at Github

CVE-2026-42945 has a 99 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2026-42945.

URL Resource
https://my.f5.com/manage/s/article/K000161019 Mitigation Vendor Advisory
https://depthfirst.com/nginx-rift Mitigation Technical Description Third Party Advisory
https://github.com/DepthFirstDisclosures/Nginx-Rift Exploit Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:17417
https://access.redhat.com/errata/RHSA-2026:17751
https://access.redhat.com/errata/RHSA-2026:17752
https://access.redhat.com/errata/RHSA-2026:17753
https://access.redhat.com/errata/RHSA-2026:17790
https://access.redhat.com/errata/RHSA-2026:17791
https://access.redhat.com/errata/RHSA-2026:17792
https://access.redhat.com/errata/RHSA-2026:17793
https://access.redhat.com/errata/RHSA-2026:17794
https://access.redhat.com/errata/RHSA-2026:18029
https://access.redhat.com/errata/RHSA-2026:18041
https://access.redhat.com/errata/RHSA-2026:18063
https://access.redhat.com/errata/RHSA-2026:19159
https://access.redhat.com/errata/RHSA-2026:19371
https://access.redhat.com/errata/RHSA-2026:19372
https://access.redhat.com/errata/RHSA-2026:19374
https://access.redhat.com/errata/RHSA-2026:20442
https://access.redhat.com/errata/RHSA-2026:20444
https://access.redhat.com/errata/RHSA-2026:21275
https://access.redhat.com/errata/RHSA-2026:22382
https://access.redhat.com/errata/RHSA-2026:22383
https://access.redhat.com/errata/RHSA-2026:22388
https://access.redhat.com/errata/RHSA-2026:22389
https://access.redhat.com/errata/RHSA-2026:22390
https://access.redhat.com/errata/RHSA-2026:22393
https://access.redhat.com/errata/RHSA-2026:22394
https://access.redhat.com/errata/RHSA-2026:22396
https://access.redhat.com/security/cve/CVE-2026-42945
https://bugzilla.redhat.com/show_bug.cgi?id=2477116
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42945.json
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2026-42945 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2026-42945 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Multi-vector DevOps attack surface analysis — 18 CVEs across 12 tools mapped into a 9-layer kill chain. Includes deep-dive docs, attack chain simulations, and 56 detection rules (YARA, Sigma, Snort). NGINX → Argo CD → Grafana → Docker → Jenkins → Kubernetes → Prometheus → Ansible → Linux → GitHub

YARA Python

Updated: 1 week, 3 days ago
0 stars 0 fork 0 watcher
Born at : July 2, 2026, 9:08 p.m. This repo has been linked 16 different CVEs too.

well i dislike beeing called to much. that s just not fair

Java

Updated: 1 week, 3 days ago
0 stars 0 fork 0 watcher
Born at : July 1, 2026, 6:42 p.m. This repo has been linked 1 different CVEs too.

A flaw was found in NGINX, specifically within the ngx_http_rewrite_module. An unauthenticated attacker can exploit this vulnerability by sending crafted HTTP requests under specific rewrite configurations. This can lead to a heap buffer overflow in the NGINX worker process, which may result in arbitrary code execution

Python

Updated: 1 week, 5 days ago
0 stars 0 fork 0 watcher
Born at : July 1, 2026, 8:30 a.m. This repo has been linked 1 different CVEs too.

Complete Pentester Roadmap using free TryHackMe rooms

Updated: 4 days, 7 hours ago
0 stars 1 fork 1 watcher
Born at : June 30, 2026, 8:08 p.m. This repo has been linked 17 different CVEs too.

None

Python Shell HTML TypeScript Makefile Go CSS JavaScript

Updated: 1 week, 6 days ago
0 stars 0 fork 0 watcher
Born at : June 29, 2026, 1:28 p.m. This repo has been linked 1 different CVEs too.

Standalone Python 3 proof-of-concept exploits for recent CVEs - each with a write-up and a screenshot of a real run. For authorized security testing and education only.

cve exploit penetration-testing poc proof-of-concept python security-research vulnerability

Python C

Updated: 2 weeks, 5 days ago
0 stars 0 fork 0 watcher
Born at : June 23, 2026, 8:55 a.m. This repo has been linked 38 different CVEs too.

Technical analysis of CVE-2026-42945 (NGINX Rift), a critical heap buffer overflow in NGINX's rewrite engine caused by a state mismatch between length calculation and copy operations, enabling worker crashes and potential remote code execution.

Updated: 3 weeks ago
0 stars 0 fork 0 watcher
Born at : June 22, 2026, 11:02 a.m. This repo has been linked 1 different CVEs too.

None

Dockerfile Python Shell

Updated: 3 weeks, 1 day ago
2 stars 1 fork 1 watcher
Born at : June 20, 2026, 3:39 a.m. This repo has been linked 2 different CVEs too.

A dynamically growing portfolio of practical cybersecurity labs covering SOC operations, penetration testing, and real-world vulnerability mitigation.

Updated: 3 weeks, 3 days ago
0 stars 0 fork 0 watcher
Born at : June 18, 2026, 8:32 p.m. This repo has been linked 3 different CVEs too.

None

Dockerfile Java Python Batchfile Shell C

Updated: 3 weeks, 4 days ago
0 stars 0 fork 0 watcher
Born at : June 17, 2026, 9:08 p.m. This repo has been linked 1 different CVEs too.

None

Dockerfile Shell HTML PHP Python

Updated: 3 weeks, 4 days ago
0 stars 0 fork 0 watcher
Born at : June 17, 2026, 3:15 p.m. This repo has been linked 1 different CVEs too.

Ping7 defensive CVE tools, GitHub pages, and repair guides

cve incident-response ping7 security-tools vulnerability-management

Updated: 3 weeks, 4 days ago
0 stars 0 fork 0 watcher
Born at : June 16, 2026, 10:47 a.m. This repo has been linked 3 different CVEs too.

CVE-2026-42945 — NGINX Rewrite Module Heap Buffer Overflow RCE checker & Metasploit module

Python Ruby

Updated: 4 weeks ago
0 stars 0 fork 0 watcher
Born at : June 15, 2026, 7:10 a.m. This repo has been linked 1 different CVEs too.

Python RCE PoC with reverse-shell listener for CVE-2026-42945 (NGINX Rift)

Python

Updated: 4 weeks ago
0 stars 0 fork 0 watcher
Born at : June 14, 2026, 4:49 p.m. This repo has been linked 1 different CVEs too.

None

Dockerfile Rust

Updated: 4 weeks ago
0 stars 0 fork 0 watcher
Born at : June 12, 2026, 11:31 a.m. This repo has been linked 1 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2026-42945 vulnerability anywhere in the article.

  • The Hacker News
F5 Patches Two Critical NGINX Open Source Flaws Enabling Remote Code Execution

Ravie LakshmananJun 18, 2026Vulnerability / Cloud Security F5 has released security updates to address two critical security flaws in NGINX Open Source that could be exploited to achieve code execut ... Read more

Published Date: Jun 18, 2026 (3 weeks, 3 days ago)
  • The Hacker News
Google June 2026 Android Update Patches 124 Flaws, One Actively Exploited

Google on Monday released patches for 124 security vulnerabilities impacting its Android operating system for the month of June 2026, including one high-severity flaw in the Framework component that h ... Read more

Published Date: Jun 02, 2026 (1 month, 1 week ago)
  • The Hacker News
Gamaredon Exploits WinRAR to Deliver GammaWorm and GammaSteel Against Ukraine

The Russian hacking group known as Gamaredon has been attributed to the continued exploitation of a WinRAR vulnerability to deliver multiple malware families aimed at data theft and propagation. Per S ... Read more

Published Date: Jun 02, 2026 (1 month, 1 week ago)
  • The Hacker News
Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security flaw impacting Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) Catalog, ba ... Read more

Published Date: Jun 02, 2026 (1 month, 1 week ago)
  • The Hacker News
Critical WP Maps Pro Flaw Actively Exploited to Create Admin Accounts

Threat actors are attempting to actively exploit a critical security flaw impacting WP Maps Pro, a WordPress plugin that has had over 15,000 sales on the Envato Market, to create malicious administrat ... Read more

Published Date: Jun 01, 2026 (1 month, 1 week ago)
  • The Hacker News
PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation

Palo Alto Networks has warned that a recently disclosed medium-severity security flaw impacting PAN-OS and Prisma Access has come under active exploitation in the wild. The vulnerability, tracked as C ... Read more

Published Date: May 30, 2026 (1 month, 1 week ago)
  • The Hacker News
Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit

An unknown threat actor has been observed using a large language model (LLM) agent to conduct post-compromise actions after obtaining initial access following the exploitation of a publicly-accessible ... Read more

Published Date: May 29, 2026 (1 month, 2 weeks ago)
  • The Hacker News
Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer

Threat actors are continuing to exploit a critical, now-patched security flaw impacting FortiClient Endpoint Management Server (EMS) deployments to deliver credential-stealing malware. "The campaign a ... Read more

Published Date: May 28, 2026 (1 month, 2 weeks ago)
  • The Hacker News
Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal

Microsoft has come out strongly in favor of Coordinated Vulnerability Disclosure (CVD), urging the research community to share their findings and give affected vendors an opportunity to better underst ... Read more

Published Date: May 28, 2026 (1 month, 2 weeks ago)
  • The Hacker News
ThreatsDay Bulletin: Claude Security Plugin, Azure Priv-Esc, Kali365 MFA Bypass, FIFA Scams +15 More

Every time you think the industry has finally stopped doing some reckless, low-effort crap, somebody spins up a fresh box full of sketchy loaders, fake installers, recycled social-engineering bait, an ... Read more

Published Date: May 28, 2026 (1 month, 2 weeks ago)
  • The Hacker News
AI Chatbot Recommendations Redirect Users to Cryptojacking Malware Sites

Microsoft has warned of an active cryptojacking campaign that makes use of artificial intelligence (AI) chatbot interactions as a mechanism for surfacing malicious download sites. "This emerging deliv ... Read more

Published Date: May 27, 2026 (1 month, 2 weeks ago)
  • The Hacker News
Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions

Microsoft has rolled out updates to fix a remote code execution vulnerability impacting SharePoint that could be exploited by bad actors in attacks without requiring any specialized conditions to be m ... Read more

Published Date: May 26, 2026 (1 month, 2 weeks ago)
  • The Hacker News
KnowledgeDeliver LMS Flaw Exploited to Deploy Godzilla and Cobalt Strike

A now-patched high-severity security flaw affecting Digital Knowledge KnowledgeDeliver, a Learning Management System (LMS) popular in Japan, was exploited as a zero-day to deliver the Godzilla web she ... Read more

Published Date: May 26, 2026 (1 month, 2 weeks ago)
  • The Hacker News
Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

Threat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject malicious JavaScript code with an aim to fuel ClickFix attacks. According to QiAnXin XLab, the activity ... Read more

Published Date: May 25, 2026 (1 month, 2 weeks ago)
  • CybersecurityNews
Nginx-poolslip Vulnerability Enables DoS and Code Execution Attacks — Patch Now!

A newly disclosed flaw in one of the world’s most widely deployed web servers is forcing administrators into another emergency patch cycle. Tracked as CVE-2026-9256 and publicly nicknamed nginx-poolsl ... Read more

Published Date: May 23, 2026 (1 month, 2 weeks ago)
  • CybersecurityNews
New NGINX 0-Day RCE “nginx-poolslip” Affects Millions of NGINX Servers

A newly disclosed zero-day remote code execution (RCE) vulnerability, dubbed nginx-poolslip, has been identified in NGINX version 1.31.0, the latest stable release of the widely deployed web server so ... Read more

Published Date: May 21, 2026 (1 month, 3 weeks ago)
  • The Cyber Express
Critical ChromaDB Flaw Exposes AI Vector Databases to Remote Code Execution

The security issue tracked as CVE-2026-45829, often referred to in analysis as ChromaToast Served Pre-Auth, affects the open-source vector database ChromaDB. ChromaDB is widely used for semantic searc ... Read more

Published Date: May 20, 2026 (1 month, 3 weeks ago)
  • The Cyber Express
Critical NGINX Vulnerability CVE-2026-42945 Now Under Active Attack

Cybersecurity researchers are warning that attackers have already started exploiting a newly disclosed NGINX vulnerability, tracked as CVE-2026-42945, just days after technical details and proof-of-co ... Read more

Published Date: May 19, 2026 (1 month, 3 weeks ago)
  • CybersecurityNews
Hackers Actively Exploiting Critical NGINX RCE Vulnerability in the Wild

Hackers are wasting no time exploiting a newly disclosed critical vulnerability in NGINX, with security researchers already observing real-world attacks just days after its public release. Security re ... Read more

Published Date: May 18, 2026 (1 month, 3 weeks ago)
  • TheCyberThrone
Pwn2Own Berlin 2026 a Detailed Report

The curtain has fallen on Pwn2Own Berlin 2026. Three days. 47 unique zero-day vulnerabilities. $1,298,250 in total payouts. And a competition that, for the first time in its 19-year history, ran out o ... Read more

Published Date: May 18, 2026 (1 month, 3 weeks ago)

The following table lists the changes that have been made to the CVE-2026-42945 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by 0b0ca135-0b70-47e7-9f44-1890c2a1c46c

    Jun. 27, 2026

    Action Type Old Value New Value
    Added Affected [{'cpes': ['cpe:/o:redhat:enterprise_linux_eus:10.0'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream EUS (v. 10.0)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux:10.1', 'cpe:/o:redhat:enterprise_linux:10.2'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream (v. 10)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:enterprise_linux:8::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream (v. 8)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_e4s:9.0::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream E4S (v.9.0)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_e4s:9.2::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream E4S (v.9.2)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_eus:9.4::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream EUS (v.9.4)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_eus:9.6::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream EUS (v.9.6)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:enterprise_linux:9::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream (v. 9)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux_eus:10.0'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux:10.1', 'cpe:/o:redhat:enterprise_linux:10.2'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_eus:9.4::crb'], 'vendor': 'Red Hat', 'product': 'Red Hat CodeReady Linux Builder EUS (v.9.4)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_eus:9.6::crb'], 'vendor': 'Red Hat', 'product': 'Red Hat CodeReady Linux Builder EUS (v.9.6)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:enterprise_linux:9::crb'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:hummingbird:1'], 'vendor': 'Red Hat', 'product': 'Red Hat Hardened Images', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift_data_foundation:4.14::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat Openshift Data Foundation 4.14', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift_data_foundation:4.15::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat Openshift Data Foundation 4.15', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift_data_foundation:4.16::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat Openshift Data Foundation 4.16', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift_data_foundation:4.17::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat Openshift Data Foundation 4.17', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift_data_foundation:4.18::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat Openshift Data Foundation 4.18', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift_data_foundation:4.19::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat Openshift Data Foundation 4.19', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift_data_foundation:4.21::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat Openshift Data Foundation 4.21', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift_data_foundation:4.20::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat Openshift Data Foundation 4.2', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:satellite:6.18::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat Satellite 6.18', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:satellite:6.19::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat Satellite 6.19', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhui:5::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat Update Infrastructure 5', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:red_hat_3scale_amp:2'], 'vendor': 'Red Hat', 'product': 'Red Hat 3scale API Management Platform 2', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:insights_proxy:1'], 'vendor': 'Red Hat', 'product': 'Red Hat Lightspeed proxy 1', 'defaultStatus': 'affected'}]
    Added CVSS V3.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
    Added CWE CWE-131
    Added Reference https://access.redhat.com/errata/RHSA-2026:17417
    Added Reference https://access.redhat.com/errata/RHSA-2026:17751
    Added Reference https://access.redhat.com/errata/RHSA-2026:17752
    Added Reference https://access.redhat.com/errata/RHSA-2026:17753
    Added Reference https://access.redhat.com/errata/RHSA-2026:17790
    Added Reference https://access.redhat.com/errata/RHSA-2026:17791
    Added Reference https://access.redhat.com/errata/RHSA-2026:17792
    Added Reference https://access.redhat.com/errata/RHSA-2026:17793
    Added Reference https://access.redhat.com/errata/RHSA-2026:17794
    Added Reference https://access.redhat.com/errata/RHSA-2026:18029
    Added Reference https://access.redhat.com/errata/RHSA-2026:18041
    Added Reference https://access.redhat.com/errata/RHSA-2026:18063
    Added Reference https://access.redhat.com/errata/RHSA-2026:19159
    Added Reference https://access.redhat.com/errata/RHSA-2026:19371
    Added Reference https://access.redhat.com/errata/RHSA-2026:19372
    Added Reference https://access.redhat.com/errata/RHSA-2026:19374
    Added Reference https://access.redhat.com/errata/RHSA-2026:20442
    Added Reference https://access.redhat.com/errata/RHSA-2026:20444
    Added Reference https://access.redhat.com/errata/RHSA-2026:21275
    Added Reference https://access.redhat.com/errata/RHSA-2026:22382
    Added Reference https://access.redhat.com/errata/RHSA-2026:22383
    Added Reference https://access.redhat.com/errata/RHSA-2026:22388
    Added Reference https://access.redhat.com/errata/RHSA-2026:22389
    Added Reference https://access.redhat.com/errata/RHSA-2026:22390
    Added Reference https://access.redhat.com/errata/RHSA-2026:22393
    Added Reference https://access.redhat.com/errata/RHSA-2026:22394
    Added Reference https://access.redhat.com/errata/RHSA-2026:22396
    Added Reference https://access.redhat.com/security/cve/CVE-2026-42945
    Added Reference https://bugzilla.redhat.com/show_bug.cgi?id=2477116
    Added Reference https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42945.json
  • Reanalysis by [email protected]

    Jun. 18, 2026

    Action Type Old Value New Value
    Changed CPE Configuration OR *cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:* versions from (including) 4.0.0 up to (including) 4.0.1 *cpe:2.3:a:f5:nginx_app_protect_dos:*:*:*:*:*:*:*:* versions from (including) 4.3.0 up to (including) 4.7.0 *cpe:2.3:a:f5:nginx_app_protect_waf:*:*:*:*:*:*:*:* versions from (including) 4.9.0 up to (including) 4.16.0 *cpe:2.3:a:f5:nginx_app_protect_waf:*:*:*:*:*:*:*:* versions from (including) 5.1.0 up to (including) 5.8.0 *cpe:2.3:a:f5:nginx_gateway_fabric:*:*:*:*:*:*:*:* versions from (including) 1.3.0 up to (including) 1.6.2 *cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:* versions from (including) 3.5.0 up to (including) 3.7.2 *cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:* versions from (including) r32 up to (including) r36 *cpe:2.3:a:f5:nginx_gateway_fabric:*:*:*:*:*:*:*:* versions from (including) 2.0.0 up to (including) 2.5.1 *cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:* versions from (including) 5.0.0 up to (including) 5.4.1 *cpe:2.3:a:f5:nginx_instance_manager:*:*:*:*:*:*:*:* versions from (including) 2.16.0 up to (including) 2.21.1 *cpe:2.3:a:f5:nginx_open_source:*:*:*:*:*:*:*:* versions from (including) 0.6.27 up to (including) 1.30.0 *cpe:2.3:a:f5:dos:4.8.0:*:*:*:*:nginx:*:* *cpe:2.3:a:f5:waf:*:*:*:*:*:nginx:*:* versions from (including) 5.9.0 up to (including) 5.12.1 OR *cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:* versions from (including) 4.0.0 up to (including) 4.0.1 *cpe:2.3:a:f5:nginx_gateway_fabric:*:*:*:*:*:*:*:* versions from (including) 1.3.0 up to (including) 1.6.2 *cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:* versions from (including) 3.5.0 up to (including) 3.7.2 *cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:* versions from (including) r32 up to (including) r36 *cpe:2.3:a:f5:nginx_gateway_fabric:*:*:*:*:*:*:*:* versions from (including) 2.0.0 up to (including) 2.5.1 *cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:* versions from (including) 5.0.0 up to (including) 5.4.1 *cpe:2.3:a:f5:nginx_instance_manager:*:*:*:*:*:*:*:* versions from (including) 2.16.0 up to (including) 2.21.1 *cpe:2.3:a:f5:nginx_open_source:*:*:*:*:*:*:*:* versions from (including) 0.6.27 up to (including) 1.30.0 *cpe:2.3:a:f5:dos:4.8.0:*:*:*:*:nginx:*:* *cpe:2.3:a:f5:waf:*:*:*:*:*:nginx:*:* versions from (including) 5.9.0 up to (including) 5.12.1 *cpe:2.3:a:f5:dos:*:*:*:*:*:nginx:*:* versions from (including) 4.3.0 up to (including) 4.7.0 *cpe:2.3:a:f5:waf:*:*:*:*:*:nginx:*:* versions from (including) 5.1.0 up to (including) 5.8.0 *cpe:2.3:a:f5:waf:*:*:*:*:*:nginx:*:* versions from (including) 4.9.0 up to (including) 4.16.0
  • Initial Analysis by [email protected]

    Jun. 17, 2026

    Action Type Old Value New Value
    Added CPE Configuration OR *cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:* versions from (including) 4.0.0 up to (including) 4.0.1 *cpe:2.3:a:f5:nginx_app_protect_dos:*:*:*:*:*:*:*:* versions from (including) 4.3.0 up to (including) 4.7.0 *cpe:2.3:a:f5:nginx_app_protect_waf:*:*:*:*:*:*:*:* versions from (including) 4.9.0 up to (including) 4.16.0 *cpe:2.3:a:f5:nginx_app_protect_waf:*:*:*:*:*:*:*:* versions from (including) 5.1.0 up to (including) 5.8.0 *cpe:2.3:a:f5:nginx_gateway_fabric:*:*:*:*:*:*:*:* versions from (including) 1.3.0 up to (including) 1.6.2 *cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:* versions from (including) 3.5.0 up to (including) 3.7.2 *cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:* versions from (including) r32 up to (including) r36 *cpe:2.3:a:f5:nginx_gateway_fabric:*:*:*:*:*:*:*:* versions from (including) 2.0.0 up to (including) 2.5.1 *cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:* versions from (including) 5.0.0 up to (including) 5.4.1 *cpe:2.3:a:f5:nginx_instance_manager:*:*:*:*:*:*:*:* versions from (including) 2.16.0 up to (including) 2.21.1 *cpe:2.3:a:f5:nginx_open_source:*:*:*:*:*:*:*:* versions from (including) 0.6.27 up to (including) 1.30.0 *cpe:2.3:a:f5:dos:4.8.0:*:*:*:*:nginx:*:* *cpe:2.3:a:f5:waf:*:*:*:*:*:nginx:*:* versions from (including) 5.9.0 up to (including) 5.12.1
    Added Reference Type F5 Networks: https://my.f5.com/manage/s/article/K000161019 Types: Mitigation, Vendor Advisory
    Added Reference Type CVE: https://depthfirst.com/nginx-rift Types: Mitigation, Technical Description, Third Party Advisory
    Added Reference Type CVE: https://github.com/DepthFirstDisclosures/Nginx-Rift Types: Exploit, Third Party Advisory
  • CVE Modified by [email protected]

    Jun. 17, 2026

    Action Type Old Value New Value
    Added Affected [{'vendor': 'F5', 'modules': ['ngx_http_rewrite_module'], 'product': 'NGINX Plus', 'versions': [{'status': 'unaffected', 'version': 'R37', 'lessThan': '*', 'versionType': 'custom'}, {'status': 'affected', 'version': 'R36', 'lessThan': 'R36 P4', 'versionType': 'custom'}, {'status': 'affected', 'version': 'R32', 'lessThan': 'R32 P6', 'versionType': 'custom'}], 'defaultStatus': 'unknown'}, {'vendor': 'F5', 'modules': ['ngx_http_rewrite_module'], 'product': 'NGINX Open Source', 'versions': [{'status': 'unaffected', 'version': '1.31.0', 'lessThan': '*', 'versionType': 'semver'}, {'status': 'affected', 'version': '0.6.27', 'lessThan': '1.30.1', 'versionType': 'semver'}], 'defaultStatus': 'unaffected'}]
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Jun. 17, 2026

    Action Type Old Value New Value
    Added SSVC {'id': 'CVE-2026-42945', 'role': 'CISA Coordinator', 'options': [{'exploitation': 'none'}, {'automatable': 'no'}, {'technicalImpact': 'total'}], 'version': '2.0.3', 'timestamp': '2026-05-13T00:00:00+00:00'}
  • CVE Modified by [email protected]

    May. 21, 2026

    Action Type Old Value New Value
    Changed Description NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, for systems with Address Space Layout Randomization (ASLR ) disabled, code execution is possible.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    May. 14, 2026

    Action Type Old Value New Value
    Added Reference https://github.com/DepthFirstDisclosures/Nginx-Rift
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    May. 14, 2026

    Action Type Old Value New Value
    Added Reference https://depthfirst.com/nginx-rift
  • New CVE Received by [email protected]

    May. 13, 2026

    Action Type Old Value New Value
    Added Description NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, for systems with Address Space Layout Randomization (ASLR ) disabled, code execution is possible.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    Added CVSS V4.0 AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
    Added CVSS V3.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
    Added CWE CWE-122
    Added Reference https://my.f5.com/manage/s/article/K000161019
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.