← voltar
CVE-2026-42945

NGINX ngx_http_rewrite_module vulnerability

CVSS 9.2 CRITICALEPSS 53.3%CWE-122
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Produtos afetados
F5 · NGINX Open SourceF5 · NGINX Plus
PoCs públicas encontradas42
githubgithub.com/DepthFirstDisclosures/Nginx-Rift857githubgithub.com/cipherspy/CVE-2026-42945-POC41githubgithub.com/friparia/NGINX_RIFT_SCAN_CVE_2026_4294533githubgithub.com/rheodev/CVE-2026-4294518githubgithub.com/oseasfr/Scanner_CVE_2026-4294517githubgithub.com/MateusVerass/nGixshell15githubgithub.com/p3Nt3st3r-sTAr/CVE-2026-42945-POC15githubgithub.com/nu0l/NGINX-Rift4githubgithub.com/strivepan/Nginx_cve-2026-42945-scanner-gui3githubgithub.com/tal7aouy/nginx-cve-2026-429453githubgithub.com/iammerrida-source/nginx-rift-detect3githubgithub.com/jelasin/CVE-2026-429453githubgithub.com/nanwinata/nginxrift-CVE-2026-429452githubgithub.com/gagaltotal/CVE-2026-42945-NGINX-Rift-Toolkit2githubgithub.com/0xBlackash/CVE-2026-429452githubgithub.com/dinosn/cve-2026-42945-nginx32-lab1githubgithub.com/realityone/cve-2026-42945-scan1githubgithub.com/forxiucn/nginx-cve-2026-42945-poc1githubgithub.com/chenqin231/CVE-2026-429451githubgithub.com/Renison-Gohel/CVE-2026-42945-NGINX-Rift1githubgithub.com/hnytgl/CVE-2026-429451githubgithub.com/RedCrazyGhost/CVE-2026-429451githubgithub.com/josephfelix/CVE-2026-42945-nginx-rift1githubgithub.com/simota/nginx-rift-scanner1githubgithub.com/imSre9/CVE-2026-429450githubgithub.com/yusufdalbudak/CVE-2026-429450githubgithub.com/fkj-src/fix_nginx_cve_2026_429450githubgithub.com/webdev75950-ux/nginx-rce-cve-2026-429450githubgithub.com/byezero/nginx-cve-2026-42945-check0githubgithub.com/F2u0a0d3/CVE-2026-42945-nginx-rift-poc0githubgithub.com/quantumworld-dpdns-io/CVE-2026-429450githubgithub.com/soksofos/wazuh-nginx-cve-2026-42945-sca-lab0githubgithub.com/lowilol/CVE-2026-42945-NGINX-Rift-Check-Script0githubgithub.com/jenniferreire26/CVE-2026-429450githubgithub.com/LiaoZiqi-GZFLS/CVE-2026-429450githubgithub.com/sec-sys/CVE-2026-42945-Reverse-Shell-POC0githubgithub.com/hulina9900-boop/DIY-CVE-2026-42945-POC0githubgithub.com/limo57640-crypto/nginx-rift-detector0githubgithub.com/BarAppTeam/nginx-cve-fix0githubgithub.com/sibersan/web-server-audit_CVE-2026-429450githubgithub.com/azilRababe/CVE-2026-429450githubgithub.com/ChamsBouzaiene/ai-vuln-rediscovery-nginx-cve-2026-429450
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://depthfirst.com/nginx-rifthttps://github.com/DepthFirstDisclosures/Nginx-Rifthttps://my.f5.com/manage/s/article/K000161019