Nginx Heap-based Buffer Overflow Vulnerability - CVE-2026-42945

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite if or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example 1 2) with a replacement string that includes a question mark (). An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally for systems with Address Space Layout Randomization (ASLR ) disabled code execution is possible. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.