CVE-2026-42945
Gravedad CVSS v4.0:
CRÍTICA
Tipo:
CWE-122
Desbordamiento de búfer basado en memoria dinámica (Heap)
Fecha de publicación:
13/05/2026
Última modificación:
27/06/2026
Descripción
*** Pendiente de traducción *** NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Impacto
Puntuación base 4.0
9.20
Gravedad 4.0
CRÍTICA
Puntuación base 3.x
8.10
Gravedad 3.x
ALTA
Productos y versiones vulnerables
| CPE | Desde | Hasta |
|---|---|---|
| cpe:2.3:a:f5:dos:*:*:*:*:*:nginx:*:* | 4.3.0 (incluyendo) | 4.7.0 (incluyendo) |
| cpe:2.3:a:f5:dos:4.8.0:*:*:*:*:nginx:*:* | ||
| cpe:2.3:a:f5:nginx_gateway_fabric:*:*:*:*:*:*:*:* | 1.3.0 (incluyendo) | 1.6.2 (incluyendo) |
| cpe:2.3:a:f5:nginx_gateway_fabric:*:*:*:*:*:*:*:* | 2.0.0 (incluyendo) | 2.5.1 (incluyendo) |
| cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:* | 3.5.0 (incluyendo) | 3.7.2 (incluyendo) |
| cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:* | 4.0.0 (incluyendo) | 4.0.1 (incluyendo) |
| cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:* | 5.0.0 (incluyendo) | 5.4.1 (incluyendo) |
| cpe:2.3:a:f5:nginx_instance_manager:*:*:*:*:*:*:*:* | 2.16.0 (incluyendo) | 2.21.1 (incluyendo) |
| cpe:2.3:a:f5:nginx_open_source:*:*:*:*:*:*:*:* | 0.6.27 (incluyendo) | 1.30.0 (incluyendo) |
| cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:* | r32 (incluyendo) | r36 (incluyendo) |
| cpe:2.3:a:f5:waf:*:*:*:*:*:nginx:*:* | 4.9.0 (incluyendo) | 4.16.0 (incluyendo) |
| cpe:2.3:a:f5:waf:*:*:*:*:*:nginx:*:* | 5.1.0 (incluyendo) | 5.8.0 (incluyendo) |
| cpe:2.3:a:f5:waf:*:*:*:*:*:nginx:*:* | 5.9.0 (incluyendo) | 5.12.1 (incluyendo) |
Para consultar la lista completa de nombres de CPE con productos y versiones, ver esta página
Referencias a soluciones, herramientas e información
- https://my.f5.com/manage/s/article/K000161019
- https://depthfirst.com/nginx-rift
- https://github.com/DepthFirstDisclosures/Nginx-Rift
- https://access.redhat.com/errata/RHSA-2026:17417
- https://access.redhat.com/errata/RHSA-2026:17751
- https://access.redhat.com/errata/RHSA-2026:17752
- https://access.redhat.com/errata/RHSA-2026:17753
- https://access.redhat.com/errata/RHSA-2026:17790
- https://access.redhat.com/errata/RHSA-2026:17791
- https://access.redhat.com/errata/RHSA-2026:17792
- https://access.redhat.com/errata/RHSA-2026:17793
- https://access.redhat.com/errata/RHSA-2026:17794
- https://access.redhat.com/errata/RHSA-2026:18029
- https://access.redhat.com/errata/RHSA-2026:18041
- https://access.redhat.com/errata/RHSA-2026:18063
- https://access.redhat.com/errata/RHSA-2026:19159
- https://access.redhat.com/errata/RHSA-2026:19371
- https://access.redhat.com/errata/RHSA-2026:19372
- https://access.redhat.com/errata/RHSA-2026:19374
- https://access.redhat.com/errata/RHSA-2026:20442
- https://access.redhat.com/errata/RHSA-2026:20444
- https://access.redhat.com/errata/RHSA-2026:21275
- https://access.redhat.com/errata/RHSA-2026:22382
- https://access.redhat.com/errata/RHSA-2026:22383
- https://access.redhat.com/errata/RHSA-2026:22388
- https://access.redhat.com/errata/RHSA-2026:22389
- https://access.redhat.com/errata/RHSA-2026:22390
- https://access.redhat.com/errata/RHSA-2026:22393
- https://access.redhat.com/errata/RHSA-2026:22394
- https://access.redhat.com/errata/RHSA-2026:22396
- https://access.redhat.com/security/cve/CVE-2026-42945
- https://bugzilla.redhat.com/show_bug.cgi?id=2477116
- https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42945.json



