"nginx":"1.26" nginx-1.26.3-9.module+el9+1158+6648e096
エラータID: AXSA:2026-1252:01
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.
Security Fix(es):
* nginx: NGINX: Arbitrary Code Execution Vulnerability (CVE-2026-42945)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2026-42945
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, for systems with Address Space Layout Randomization (ASLR ) disabled, code execution is possible. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Modularity name: "nginx"
Stream name: "1.26"
Update packages.
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
N/A
SRPMS
- nginx-1.26.3-9.module+el9+1158+6648e096.src.rpm
MD5: d0af5d32da1ab164064450f481f9f2d9
SHA-256: 764d4c2c705402453e8f3bb1e3d290ac80a3c6b4c6d460210b6209813a058d68
Size: 1.28 MB
Asianux Server 9 for x86_64
- nginx-1.26.3-9.module+el9+1158+6648e096.x86_64.rpm
MD5: 4ca1b78dc461705eaa77e9c57772fa83
SHA-256: 4b89af1edc5e663add2b44b689329948b4e3c9bceff400ef39021d615aeb9f4a
Size: 35.41 kB - nginx-all-modules-1.26.3-9.module+el9+1158+6648e096.noarch.rpm
MD5: bcd0bb944ed4b398f0e019bcf7fb96c6
SHA-256: 62e9f12747578cbc4dece17e0bf2a3e098fb7ddfc508923864d96a70f88698e9
Size: 7.99 kB - nginx-core-1.26.3-9.module+el9+1158+6648e096.x86_64.rpm
MD5: 1288328d1cabfb505aaf99caaa97d772
SHA-256: 42274a15f918321562ba622556667bc6d32b068df146c20c50cade0c3b30de8a
Size: 666.78 kB - nginx-debugsource-1.26.3-9.module+el9+1158+6648e096.x86_64.rpm
MD5: 2a32333e5ffe5eea0985bd7ef390407a
SHA-256: 17a33be4c8fdcb60e422ffc0d1de3e7303164b1743cb49ed7cfa4f105933d12e
Size: 700.94 kB - nginx-filesystem-1.26.3-9.module+el9+1158+6648e096.noarch.rpm
MD5: ea16083d0937e131e126e509237a0a3f
SHA-256: e18ff5cf02ae35e8701faad79389b2bd6ce981b5b320b5d9d19d50327e2a71ba
Size: 9.50 kB - nginx-mod-devel-1.26.3-9.module+el9+1158+6648e096.x86_64.rpm
MD5: 5f777ba7489d1583d2868c0ef17b152e
SHA-256: 5117f104fe4c407a231f84b57845d4a5b1ae6f1342a1eb6c648273e694ab93e5
Size: 0.96 MB - nginx-mod-http-image-filter-1.26.3-9.module+el9+1158+6648e096.x86_64.rpm
MD5: 7baaec042da5ee3162d15dd1dfc31201
SHA-256: 7754d18f8744666bdf5314e557a6a30e71ecae8db37243a87f53c2461a762be5
Size: 19.63 kB - nginx-mod-http-perl-1.26.3-9.module+el9+1158+6648e096.x86_64.rpm
MD5: 48337bb6573a948283b501c1b4fdb16e
SHA-256: 08bb0ef76575fcccb2b958123d8ecf3e4baa39692c65c5ba936fd7b022e21d84
Size: 30.96 kB - nginx-mod-http-xslt-filter-1.26.3-9.module+el9+1158+6648e096.x86_64.rpm
MD5: a8f7a9b6af98355892d58fadf4ece4d4
SHA-256: 8565f9b9e2d00897e870d1c0914be8b003263acde4e55fb33b2f438ad6f0176d
Size: 18.41 kB - nginx-mod-mail-1.26.3-9.module+el9+1158+6648e096.x86_64.rpm
MD5: 82805ea5b18b6abea1c1812845bd1621
SHA-256: 3d0aa32c94372a615597aea71a383f2d5a68da30487b8d603b08d7adc1d1c879
Size: 53.04 kB - nginx-mod-stream-1.26.3-9.module+el9+1158+6648e096.x86_64.rpm
MD5: eebc2d9a980488b03ed568417bf0c46f
SHA-256: 5b6bc5269906021ef45a2adea9b7c6b745006a2961f08c2b1e51394149e96cf5
Size: 84.84 kB