"nginx":"1.26" nginx-1.26.3-9.module+el9+1158+6648e096

エラータID: AXSA:2026-1252:01

Release date: 
Tuesday, July 14, 2026 - 10:37
Subject: 
"nginx":"1.26" nginx-1.26.3-9.module+el9+1158+6648e096
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.

Security Fix(es):

* nginx: NGINX: Arbitrary Code Execution Vulnerability (CVE-2026-42945)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2026-42945
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, for systems with Address Space Layout Randomization (ASLR ) disabled, code execution is possible.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Modularity name: "nginx"
Stream name: "1.26"

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. nginx-1.26.3-9.module+el9+1158+6648e096.src.rpm
    MD5: d0af5d32da1ab164064450f481f9f2d9
    SHA-256: 764d4c2c705402453e8f3bb1e3d290ac80a3c6b4c6d460210b6209813a058d68
    Size: 1.28 MB

Asianux Server 9 for x86_64
  1. nginx-1.26.3-9.module+el9+1158+6648e096.x86_64.rpm
    MD5: 4ca1b78dc461705eaa77e9c57772fa83
    SHA-256: 4b89af1edc5e663add2b44b689329948b4e3c9bceff400ef39021d615aeb9f4a
    Size: 35.41 kB
  2. nginx-all-modules-1.26.3-9.module+el9+1158+6648e096.noarch.rpm
    MD5: bcd0bb944ed4b398f0e019bcf7fb96c6
    SHA-256: 62e9f12747578cbc4dece17e0bf2a3e098fb7ddfc508923864d96a70f88698e9
    Size: 7.99 kB
  3. nginx-core-1.26.3-9.module+el9+1158+6648e096.x86_64.rpm
    MD5: 1288328d1cabfb505aaf99caaa97d772
    SHA-256: 42274a15f918321562ba622556667bc6d32b068df146c20c50cade0c3b30de8a
    Size: 666.78 kB
  4. nginx-debugsource-1.26.3-9.module+el9+1158+6648e096.x86_64.rpm
    MD5: 2a32333e5ffe5eea0985bd7ef390407a
    SHA-256: 17a33be4c8fdcb60e422ffc0d1de3e7303164b1743cb49ed7cfa4f105933d12e
    Size: 700.94 kB
  5. nginx-filesystem-1.26.3-9.module+el9+1158+6648e096.noarch.rpm
    MD5: ea16083d0937e131e126e509237a0a3f
    SHA-256: e18ff5cf02ae35e8701faad79389b2bd6ce981b5b320b5d9d19d50327e2a71ba
    Size: 9.50 kB
  6. nginx-mod-devel-1.26.3-9.module+el9+1158+6648e096.x86_64.rpm
    MD5: 5f777ba7489d1583d2868c0ef17b152e
    SHA-256: 5117f104fe4c407a231f84b57845d4a5b1ae6f1342a1eb6c648273e694ab93e5
    Size: 0.96 MB
  7. nginx-mod-http-image-filter-1.26.3-9.module+el9+1158+6648e096.x86_64.rpm
    MD5: 7baaec042da5ee3162d15dd1dfc31201
    SHA-256: 7754d18f8744666bdf5314e557a6a30e71ecae8db37243a87f53c2461a762be5
    Size: 19.63 kB
  8. nginx-mod-http-perl-1.26.3-9.module+el9+1158+6648e096.x86_64.rpm
    MD5: 48337bb6573a948283b501c1b4fdb16e
    SHA-256: 08bb0ef76575fcccb2b958123d8ecf3e4baa39692c65c5ba936fd7b022e21d84
    Size: 30.96 kB
  9. nginx-mod-http-xslt-filter-1.26.3-9.module+el9+1158+6648e096.x86_64.rpm
    MD5: a8f7a9b6af98355892d58fadf4ece4d4
    SHA-256: 8565f9b9e2d00897e870d1c0914be8b003263acde4e55fb33b2f438ad6f0176d
    Size: 18.41 kB
  10. nginx-mod-mail-1.26.3-9.module+el9+1158+6648e096.x86_64.rpm
    MD5: 82805ea5b18b6abea1c1812845bd1621
    SHA-256: 3d0aa32c94372a615597aea71a383f2d5a68da30487b8d603b08d7adc1d1c879
    Size: 53.04 kB
  11. nginx-mod-stream-1.26.3-9.module+el9+1158+6648e096.x86_64.rpm
    MD5: eebc2d9a980488b03ed568417bf0c46f
    SHA-256: 5b6bc5269906021ef45a2adea9b7c6b745006a2961f08c2b1e51394149e96cf5
    Size: 84.84 kB