CVE-2026-42945

Name of the Vulnerable Software and Affected Versions NGINX Plus and NGINX Open Source versions 0.6.27 through 1.30.0

Description A heap buffer overflow exists in the ngx http rewrite module module. This occurs when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (such as $1 or $2) with a replacement string containing a question mark (?). An unauthenticated attacker can exploit this by sending crafted HTTP requests, which may cause the NGINX worker process to restart. On systems where Address Space Layout Randomization (ASLR)—a security technique that randomly arranges the address space positions of key data areas of a process—is disabled, code execution is possible.

Recommendations Update to version 1.30.1 or 1.31.0. As a temporary mitigation, adjust the configuration to avoid using the rewrite and set directives in the manner described.