CVE-2026-42945
A buffer overflow in NGINX can lead to a worker restart or remote code execution.
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
| Source | Value |
|---|---|
| NVD – CVSS | 8.1 |
| CISA KEV (actively exploited) | No |
| FIRST EPSS (exploit probability) | 61.5% |
| Published (NVD) | 2026-05-13 16:16:50 UTC |
| Last modified (NVD) | 2026-06-27 05:16:45 UTC |
- https://my.f5.com/manage/s/article/K000161019 (f5sirt@f5.com) [Mitigation, Vendor Advisory]
- https://depthfirst.com/nginx-rift (af854a3a-2127-422b-91ae-364da2661108) [Mitigation, Technical Description, Third Party Advisory]
- https://github.com/DepthFirstDisclosures/Nginx-Rift (af854a3a-2127-422b-91ae-364da2661108) [Exploit, Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2026:17417 (0b0ca135-0b70-47e7-9f44-1890c2a1c46c)
- https://access.redhat.com/errata/RHSA-2026:17751 (0b0ca135-0b70-47e7-9f44-1890c2a1c46c)
- https://access.redhat.com/errata/RHSA-2026:17752 (0b0ca135-0b70-47e7-9f44-1890c2a1c46c)
- https://access.redhat.com/errata/RHSA-2026:17753 (0b0ca135-0b70-47e7-9f44-1890c2a1c46c)
- https://access.redhat.com/errata/RHSA-2026:17790 (0b0ca135-0b70-47e7-9f44-1890c2a1c46c)
- https://access.redhat.com/errata/RHSA-2026:17791 (0b0ca135-0b70-47e7-9f44-1890c2a1c46c)
- https://access.redhat.com/errata/RHSA-2026:17792 (0b0ca135-0b70-47e7-9f44-1890c2a1c46c)
- https://access.redhat.com/errata/RHSA-2026:17793 (0b0ca135-0b70-47e7-9f44-1890c2a1c46c)
- https://access.redhat.com/errata/RHSA-2026:17794 (0b0ca135-0b70-47e7-9f44-1890c2a1c46c)
- https://access.redhat.com/errata/RHSA-2026:18029 (0b0ca135-0b70-47e7-9f44-1890c2a1c46c)
- https://access.redhat.com/errata/RHSA-2026:18041 (0b0ca135-0b70-47e7-9f44-1890c2a1c46c)
- https://access.redhat.com/errata/RHSA-2026:18063 (0b0ca135-0b70-47e7-9f44-1890c2a1c46c)
- https://access.redhat.com/errata/RHSA-2026:19159 (0b0ca135-0b70-47e7-9f44-1890c2a1c46c)
- https://access.redhat.com/errata/RHSA-2026:19371 (0b0ca135-0b70-47e7-9f44-1890c2a1c46c)
- https://access.redhat.com/errata/RHSA-2026:19372 (0b0ca135-0b70-47e7-9f44-1890c2a1c46c)
- https://access.redhat.com/errata/RHSA-2026:19374 (0b0ca135-0b70-47e7-9f44-1890c2a1c46c)
- https://access.redhat.com/errata/RHSA-2026:20442 (0b0ca135-0b70-47e7-9f44-1890c2a1c46c)
- https://access.redhat.com/errata/RHSA-2026:20444 (0b0ca135-0b70-47e7-9f44-1890c2a1c46c)
- https://access.redhat.com/errata/RHSA-2026:21275 (0b0ca135-0b70-47e7-9f44-1890c2a1c46c)
- https://access.redhat.com/errata/RHSA-2026:22382 (0b0ca135-0b70-47e7-9f44-1890c2a1c46c)
- https://access.redhat.com/errata/RHSA-2026:22383 (0b0ca135-0b70-47e7-9f44-1890c2a1c46c)
- https://access.redhat.com/errata/RHSA-2026:22388 (0b0ca135-0b70-47e7-9f44-1890c2a1c46c)
- https://access.redhat.com/errata/RHSA-2026:22389 (0b0ca135-0b70-47e7-9f44-1890c2a1c46c)
- https://access.redhat.com/errata/RHSA-2026:22390 (0b0ca135-0b70-47e7-9f44-1890c2a1c46c)
- https://access.redhat.com/errata/RHSA-2026:22393 (0b0ca135-0b70-47e7-9f44-1890c2a1c46c)
- https://access.redhat.com/errata/RHSA-2026:22394 (0b0ca135-0b70-47e7-9f44-1890c2a1c46c)
- https://access.redhat.com/errata/RHSA-2026:22396 (0b0ca135-0b70-47e7-9f44-1890c2a1c46c)
- https://access.redhat.com/security/cve/CVE-2026-42945 (0b0ca135-0b70-47e7-9f44-1890c2a1c46c)
- https://bugzilla.redhat.com/show_bug.cgi?id=2477116 (0b0ca135-0b70-47e7-9f44-1890c2a1c46c)
- https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42945.json (0b0ca135-0b70-47e7-9f44-1890c2a1c46c)