CVE-2026-42945
Description
NGINX Plus and NGINX Open Source have a vulnerability in ngx_http_rewrite_module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker can exploit this vulnerability by sending crafted HTTP requests, provided that conditions beyond the attacker's control are also met. This may cause a heap buffer overflow in the NGINX worker process, leading to a restart. Additionally, attackers can execute code on systems where Address Space Layout Randomization (ASLR) is disabled or where the attacker can bypass ASLR. Note: Software versions that have reached End of Technical Support (EoTS) are not evaluated.
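To find configurations that match the condition described above, the following added example (not part of the advisory or of NGINX) audits configuration text for a rewrite whose replacement contains `?`, followed in the same block by a rewrite, if, or set directive, with an unnamed capture in either one. It is a conservative reading of the description; the function names and the sample configuration are constructed, and `include` files are not followed.

```python
import re

# Token start decides the type: comment, quoted string, punctuation, bare word.
TOKEN = re.compile(r'''#[^\n]*|"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*'|[{};]|[^\s{};]+''')
UNNAMED = re.compile(r'\$\d')            # unnamed capture reference: $1, $2, ...
FOLLOWERS = {"rewrite", "if", "set"}     # directives named in the description

def directives_by_block(conf):
    """Group directives by their enclosing block, preserving order."""
    blocks, stack, cur = [[]], [0], []
    for tok in TOKEN.findall(conf):
        if tok.startswith("#"):
            continue
        if tok in (";", "{"):
            if cur:
                blocks[stack[-1]].append(cur)
            cur = []
            if tok == "{":                # block opener: start a new scope
                blocks.append([])
                stack.append(len(blocks) - 1)
        elif tok == "}":
            if len(stack) > 1:
                stack.pop()
        else:
            cur.append(tok.strip("\"'"))
    return blocks

def audit(conf):
    """Return (rewrite, following directive) pairs that match the pattern."""
    hits = []
    for block in directives_by_block(conf):
        for i, d in enumerate(block):
            if d[0] != "rewrite" or len(d) < 3 or "?" not in d[2]:
                continue
            for nxt in block[i + 1:]:
                if nxt[0] in FOLLOWERS and UNNAMED.search(" ".join([d[2]] + nxt[1:])):
                    hits.append((" ".join(d), " ".join(nxt)))
                    break
    return hits

# Constructed sample configuration: only the first location should be flagged.
SAMPLE = r'''
server {
    location /app/    { rewrite ^/app/(.*)$ /index.php?page=$1; set $target $1; }
    location /static/ { rewrite ^/static/(?<f>.*)$ /files/$f;   set $kind static; }
    location /old/    { rewrite ^/old/(.*)$ /new/$1?src=old last; }  # nothing follows
}
'''

if __name__ == "__main__":
    for rw, follower in audit(SAMPLE):
        print("review:", rw, "->", follower)
```

A hit marks a directive pair for review; it does not show that the installed build is vulnerable, which depends on the package version.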
Affected products (86)
osv-coords: 83 versions
- pkg:apk/chainguard/ingress-nginx-controller-1.13 (no CPE) range: < 1.13.9-r9
- pkg:apk/chainguard/ingress-nginx-controller-1.14 (no CPE) range: < 1.14.5-r12
- pkg:apk/chainguard/ingress-nginx-controller-1.15 (no CPE) range: < 1.15.5-r1
- pkg:apk/chainguard/ingress-nginx-controller-compat-1.13 (no CPE) range: < 1.13.9-r9
- pkg:apk/chainguard/ingress-nginx-controller-compat-1.14 (no CPE) range: < 1.14.5-r12
- pkg:apk/chainguard/ingress-nginx-controller-compat-1.15 (no CPE) range: < 1.15.5-r1
- pkg:apk/chainguard/ingress-nginx-controller-fips-1.13 (no CPE) range: < 1.13.9-r9
- pkg:apk/chainguard/ingress-nginx-controller-fips-1.14 (no CPE) range: < 1.14.5-r9
- pkg:apk/chainguard/ingress-nginx-controller-fips-1.15 (no CPE) range: < 1.15.5-r1
- pkg:apk/chainguard/ingress-nginx-controller-fips-compat-1.13 (no CPE) range: < 1.13.9-r9
- pkg:apk/chainguard/ingress-nginx-controller-fips-compat-1.14 (no CPE) range: < 1.14.5-r9
- pkg:apk/chainguard/ingress-nginx-controller-fips-compat-1.15 (no CPE) range: < 1.15.5-r1
- pkg:apk/chainguard/ingress-nginx-controller-fips-iamguarded-compat-1.13 (no CPE) range: < 1.13.9-r9
- pkg:apk/chainguard/ingress-nginx-controller-fips-iamguarded-compat-1.14 (no CPE) range: < 1.14.5-r9
- pkg:apk/chainguard/ingress-nginx-controller-fips-iamguarded-compat-1.15 (no CPE) range: < 1.15.5-r1
- pkg:apk/chainguard/ingress-nginx-controller-iamguarded-compat-1.13 (no CPE) range: < 1.13.9-r9
- pkg:apk/chainguard/ingress-nginx-controller-iamguarded-compat-1.14 (no CPE) range: < 1.14.5-r12
- pkg:apk/chainguard/ingress-nginx-controller-iamguarded-compat-1.15 (no CPE) range: < 1.15.5-r1
- pkg:apk/chainguard/ingress-nginx-custom-error-pages-1.13 (no CPE) range: < 1.13.9-r9
- pkg:apk/chainguard/ingress-nginx-custom-error-pages-1.14 (no CPE) range: < 1.14.5-r12
- pkg:apk/chainguard/ingress-nginx-custom-error-pages-1.15 (no CPE) range: < 1.15.5-r1
- pkg:apk/chainguard/ingress-nginx-custom-error-pages-compat-1.13 (no CPE) range: < 1.13.9-r9
- pkg:apk/chainguard/ingress-nginx-custom-error-pages-compat-1.14 (no CPE) range: < 1.14.5-r12
- pkg:apk/chainguard/ingress-nginx-custom-error-pages-compat-1.15 (no CPE) range: < 1.15.5-r1
- pkg:apk/chainguard/ingress-nginx-custom-error-pages-fips-1.13 (no CPE) range: < 1.13.9-r9
- pkg:apk/chainguard/ingress-nginx-custom-error-pages-fips-1.14 (no CPE) range: < 1.14.5-r9
- pkg:apk/chainguard/ingress-nginx-custom-error-pages-fips-1.15 (no CPE) range: < 1.15.5-r1
- pkg:apk/chainguard/ingress-nginx-custom-error-pages-fips-compat-1.14 (no CPE) range: < 1.14.5-r9
- pkg:apk/chainguard/ingress-nginx-custom-error-pages-fips-compat-1.15 (no CPE) range: < 1.15.5-r1
- pkg:apk/chainguard/ingress-nginx-fips-opentelemetry-plugin-1.13 (no CPE) range: < 1.13.9-r9
- pkg:apk/chainguard/ingress-nginx-fips-opentelemetry-plugin-1.14 (no CPE) range: < 1.14.5-r9
- pkg:apk/chainguard/ingress-nginx-fips-opentelemetry-plugin-1.15 (no CPE) range: < 1.15.5-r1
- pkg:apk/chainguard/ingress-nginx-opentelemetry-plugin-1.13 (no CPE) range: < 1.13.9-r9
- pkg:apk/chainguard/ingress-nginx-opentelemetry-plugin-1.14 (no CPE) range: < 1.14.5-r12
- pkg:apk/chainguard/ingress-nginx-opentelemetry-plugin-1.15 (no CPE) range: < 1.15.5-r1
- pkg:apk/chainguard/kube-webhook-certgen-1.13 (no CPE) range: < 1.13.9-r9
- pkg:apk/chainguard/kube-webhook-certgen-1.14 (no CPE) range: < 1.14.5-r12
- pkg:apk/chainguard/kube-webhook-certgen-1.15 (no CPE) range: < 1.15.5-r1
- pkg:apk/chainguard/kube-webhook-certgen-fips-1.13 (no CPE) range: < 1.13.9-r9
- pkg:apk/chainguard/kube-webhook-certgen-fips-1.14 (no CPE) range: < 1.14.5-r9
- pkg:apk/chainguard/kube-webhook-certgen-fips-1.15 (no CPE) range: < 1.15.5-r1
- pkg:apk/wolfi/ingress-nginx-controller-1.13 (no CPE) range: < 1.13.9-r9
- pkg:apk/wolfi/ingress-nginx-controller-1.14 (no CPE) range: < 1.14.5-r12
- pkg:apk/wolfi/ingress-nginx-controller-1.15 (no CPE) range: < 1.15.5-r1
- pkg:apk/wolfi/ingress-nginx-controller-compat-1.13 (no CPE) range: < 1.13.9-r9
- pkg:apk/wolfi/ingress-nginx-controller-compat-1.14 (no CPE) range: < 1.14.5-r12
- pkg:apk/wolfi/ingress-nginx-controller-compat-1.15 (no CPE) range: < 1.15.5-r1
- pkg:apk/wolfi/ingress-nginx-controller-iamguarded-compat-1.13 (no CPE) range: < 1.13.9-r9
- pkg:apk/wolfi/ingress-nginx-controller-iamguarded-compat-1.14 (no CPE) range: < 1.14.5-r12
- pkg:apk/wolfi/ingress-nginx-controller-iamguarded-compat-1.15 (no CPE) range: < 1.15.5-r1
- pkg:apk/wolfi/ingress-nginx-custom-error-pages-1.13 (no CPE) range: < 1.13.9-r9
- pkg:apk/wolfi/ingress-nginx-custom-error-pages-1.14 (no CPE) range: < 1.14.5-r12
- pkg:apk/wolfi/ingress-nginx-custom-error-pages-1.15 (no CPE) range: < 1.15.5-r1
- pkg:apk/wolfi/ingress-nginx-custom-error-pages-compat-1.13 (no CPE) range: < 1.13.9-r9
- pkg:apk/wolfi/ingress-nginx-custom-error-pages-compat-1.14 (no CPE) range: < 1.14.5-r12
- pkg:apk/wolfi/ingress-nginx-custom-error-pages-compat-1.15 (no CPE) range: < 1.15.5-r1
- pkg:apk/wolfi/ingress-nginx-opentelemetry-plugin-1.13 (no CPE) range: < 1.13.9-r9
- pkg:apk/wolfi/ingress-nginx-opentelemetry-plugin-1.14 (no CPE) range: < 1.14.5-r12
- pkg:apk/wolfi/ingress-nginx-opentelemetry-plugin-1.15 (no CPE) range: < 1.15.5-r1
- pkg:apk/wolfi/kube-webhook-certgen-1.13 (no CPE) range: < 1.13.9-r9
- pkg:apk/wolfi/kube-webhook-certgen-1.14 (no CPE) range: < 1.14.5-r12
- pkg:apk/wolfi/kube-webhook-certgen-1.15 (no CPE) range: < 1.15.5-r1
- pkg:bitnami/nginx (no CPE) range: >= 0.6.27, < 1.30.1
- pkg:bitnami/nginx-gateway (no CPE) range: >= 0.6.27, < 1.30.1
- pkg:rpm/almalinux/nginx (no CPE) range: < 2:1.20.1-24.el9_7.3.alma.1
- pkg:rpm/almalinux/nginx-all-modules (no CPE) range: < 2:1.20.1-24.el9_7.3.alma.1
- pkg:rpm/almalinux/nginx-core (no CPE) range: < 2:1.20.1-24.el9_7.3.alma.1
- pkg:rpm/almalinux/nginx-filesystem (no CPE) range: < 2:1.20.1-24.el9_7.3.alma.1
- pkg:rpm/almalinux/nginx-mod-devel (no CPE) range: < 2:1.20.1-24.el9_7.3.alma.1
- pkg:rpm/almalinux/nginx-mod-http-image-filter (no CPE) range: < 2:1.20.1-24.el9_7.3.alma.1
- pkg:rpm/almalinux/nginx-mod-http-perl (no CPE) range: < 2:1.20.1-24.el9_7.3.alma.1
- pkg:rpm/almalinux/nginx-mod-http-xslt-filter (no CPE) range: < 2:1.20.1-24.el9_7.3.alma.1
- pkg:rpm/almalinux/nginx-mod-mail (no CPE) range: < 2:1.20.1-24.el9_7.3.alma.1
- pkg:rpm/almalinux/nginx-mod-stream (no CPE) range: < 2:1.20.1-24.el9_7.3.alma.1
- pkg:rpm/opensuse/nginx&distro=openSUSE%20Tumbleweed (no CPE) range: < 1.31.0-1.1
- pkg:rpm/suse/nginx&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS (no CPE) range: < 1.21.5-150400.3.20.1
- pkg:rpm/suse/nginx&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS (no CPE) range: < 1.21.5-150400.3.20.1
- pkg:rpm/suse/nginx&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS (no CPE) range: < 1.21.5-150400.3.20.1
- pkg:rpm/suse/nginx&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSS (no CPE) range: < 1.21.5-150400.3.20.1
- pkg:rpm/suse/nginx&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS (no CPE) range: < 1.21.5-150400.3.20.1
- pkg:rpm/suse/nginx&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSS (no CPE) range: < 1.21.5-150400.3.20.1
- pkg:rpm/suse/nginx&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4 (no CPE) range: < 1.21.5-150400.3.20.1
- pkg:rpm/suse/nginx&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5 (no CPE) range: < 1.21.5-150400.3.20.1
Patches
Vulnerability mechanics
References (2)
News mentions (13)
- F5 Patches Two Critical NGINX Open Source Flaws Enabling Remote Code Execution (The Hacker News · Jun 18, 2026)
- Week in review: GitHub breached via poisoned VS Code extension, critical NGINX flaw exploited (Help Net Security · May 24, 2026)
- Nginx-poolslip Vulnerability Enables DoS and Code Execution Attacks — Patch Now! (Cyber Security News · May 23, 2026)
- 18th May – Threat Intelligence Report (Check Point Research · May 18, 2026)
- ⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More (The Hacker News · May 18, 2026)
- Attackers are exploiting critical NGINX vulnerability (CVE-2026-42945) (Help Net Security · May 18, 2026)
- NGINX Rift attackers waste no time targeting exposed servers (The Register Security · May 18, 2026)
- Exploitation of Critical NGINX Vulnerability Begins (SecurityWeek · May 18, 2026)
- NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE (The Hacker News · May 17, 2026)
- PoC Code Published for Critical NGINX Vulnerability (SecurityWeek · May 16, 2026)
- 18-year-old NGINX vulnerability allows DoS, potential RCE (BleepingComputer · May 14, 2026)
- F5 Patches Over 50 Vulnerabilities (SecurityWeek · May 14, 2026)
- 18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE (The Hacker News · May 14, 2026)