AI description
CVE-2026-42945 is a heap buffer overflow vulnerability found in the `ngx_http_rewrite_module` of NGINX Plus and NGINX Open Source. This flaw occurs when a `rewrite` directive is immediately followed by another `rewrite`, `if`, or `set` directive, and an unnamed Perl-Compatible Regular Expression (PCRE) capture (such as `$1` or `$2`) is used within a replacement string that contains a question mark (`?`). An unauthenticated attacker can exploit this vulnerability by sending specially crafted HTTP requests. This can lead to a heap buffer overflow in the NGINX worker process, causing it to restart. Additionally, on systems where Address Space Layout Randomization (ASLR) is disabled, this vulnerability could potentially allow for code execution.
- Description
- NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, for systems with Address Space Layout Randomization (ASLR ) disabled, code execution is possible. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
- Source
- f5sirt@f5.com
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 9.2
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- CRITICAL
CVSS 3.1
- Type
- Secondary
- Base score
- 8.1
- Impact score
- 5.9
- Exploitability score
- 2.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- f5sirt@f5.com
- CWE-122
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
28
Nginx 1.31.0 Security Update - 6 CVEs Fixed CVE-2026-42945 - Heap buffer overflow in ngx_http_rewrite_module (potential code execution) CVE-2026-42926 - HTTP/2 request injection via proxy_set_body CVE-2026-42946 CVE-2026-42934 CVE-2026-40460 CVE-2026-40701 https://t.co/eRNItKkZ
@vutruso
15 May 2026
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cisco SD-WAN CVE-2026-20182 actively exploited by UAT-8616. node-ipc npm (3.35M/mo) backdoored — creds exfil via DNS. 18-yr NGINX RCE CVE-2026-42945. CISA ICS x13. .NET EoP. Full brief: https://t.co/OS6nwum7v3 #Daily #ThreatIntel #InfoSec
@ORIntelligence
14 May 2026
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
NGINX 1.30.1 fixes a 9.2 CVSS RCE flaw (CVE-2026-42945) and five other critical vulnerabilities. Protect your web infrastructure and update immediately! #NGINX #CyberSecurity #InfoSec #RCE #VulnerabilityAlert #CVE #HTTP3 #QUIC #WebSecurity #PatchNow https://t.co/Ys6jFeUrw6 https
@the_yellow_fall
14 May 2026
680 Impressions
1 Retweet
4 Likes
1 Bookmark
0 Replies
0 Quotes
‼️ CVE-2026-42945: RCE Proof of concept for CVE-2026-42945, a critical heap buffer overflow in NGINX's ngx_http_rewrite_module introduced in 2008 GitHub: https://t.co/7NtKsP3oXh https://t.co/XhQv80TJyf
@DarkWebInformer
14 May 2026
31616 Impressions
59 Retweets
282 Likes
160 Bookmarks
2 Replies
2 Quotes