Detections
Analytics

nginx 0.6.27 < 1.30.1 ngx_http_rewrite_module Heap Buffer Overflow

critical Nessus Plugin ID 316773

Synopsis

The remote web server is affected by a vulnerability.

Description

According to its Server response header, the installed version of nginx is 0.6.27 prior to 1.30.1. It is, therefore, affected by the following issue :

 - NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, for systems with Address Space Layout Randomization (ASLR ) disabled, code execution is possible. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. (CVE-2026-42945)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to nginx 1.30.1 or later.

See Also

https://my.f5.com/manage/s/article/K000161019

https://nginx.org/en/security_advisories.html

Plugin Details

Severity: Critical

ID: 316773

File Name: nginx-CVE-2026-42945.nasl

Version: 1.1

Type: Combined

Agent: unix

Family: Web Servers

Published: 5/26/2026

Updated: 5/26/2026

Configuration: Enable paranoid mode

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.2

CVSS v2

Risk Factor: High

Base Score: 7.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2026-42945

CVSS v3

Risk Factor: High

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4

Risk Factor: Critical

Base Score: 9.2

Threat Score: 7.2

Threat Vector: CVSS:4.0/E:U

Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Vulnerability Information

CPE: cpe:/a:nginx:nginx

Required KB Items: Settings/ParanoidReport, installed_sw/nginx

Patch Publication Date: 5/13/2026

Vulnerability Publication Date: 5/13/2026

Reference Information

CVE: CVE-2026-42945

IAVA: 2026-A-0436