CVE-2026-42945: Heap-based Buffer Overflow in NGINX ngx_http_rewrite_module

DEV Community·CVE Reports·19 days ago

Vulnerability ID: CVE-2026-42945
CVSS Score: 8.1
Published: 2026-05-13

A heap-based buffer overflow vulnerability exists in the NGINX ngx_http_rewrite_module due to an inconsistency in the two-pass script execution engine. Discovered by depthfirst, this flaw allows unauthenticated remote attackers to trigger memory corruption under specific configuration conditions, resulting in denial of service or remote code execution.

TL;DR

CVE-2026-42945 is a critical heap buffer overflow in NGINX's rewrite module. An unauthenticated attacker can crash worker processes or execute arbitrary code if the server configuration combines specific rewrite and capture directives.…
