nginx is vulnerable to Heap-based Buffer Overflow
Score: 92 (Critical Risk)
NGINX Open Source and NGINX Plus are vulnerable to a heap-based buffer overflow in the ngx_http_rewrite_module when a rewrite directive uses a regex pattern with distinct, overlapping PCRE captures and a replacement string that references multiple such captures in a redirect or arguments context. An unauthenticated attacker can send crafted HTTP requests that trigger the vulnerable rewrite path, causing the NGINX worker process to crash and restart. On systems with ASLR disabled, or where ASLR can be bypassed, exploitation may allow remote code execution.
You are affected if you are running a vulnerable NGINX version and use ngx_http_rewrite_module rewrite directives with overlapping PCRE captures whose replacement references multiple captures in a redirect or arguments context.
nginx is vulnerable to Heap-based Buffer Overflow in versions 0.1.17 through 1.30.1 and in version 1.31.0.
Upgrade nginx to a patched version.
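A triage check for the exposure condition and version ranges stated above, added here as an example; it is not code from NGINX or from this advisory. It assumes that "overlapping captures" means one capture group nested inside another, counts only numbered references ($1 to $9), and treats a "?" in the replacement as the arguments context; the sample configuration is constructed.

```python
import re

# Affected ranges as stated in the advisory: 0.1.17 - 1.30.1, and 1.31.0.
AFFECTED = [((0, 1, 17), (1, 30, 1)), ((1, 31, 0), (1, 31, 0))]
REWRITE = re.compile(r"^[ \t]*rewrite\s+(\S+)\s+(\S+)(?:\s+(\w+))?\s*;", re.M)

def version_affected(version):
    v = tuple(int(p) for p in version.split("."))
    return any(lo <= v <= hi for lo, hi in AFFECTED)

def nested_captures(pattern):
    """Assumed meaning of 'overlapping': a capture group inside another one."""
    stack, i, in_class = [], 0, False
    while i < len(pattern):
        c = pattern[i]
        if c == "\\":                      # skip the escaped character
            i += 2
            continue
        if in_class or c == "[":           # track [...] so "(" inside it is ignored
            in_class = c != "]"
        elif c == "(":
            nxt = pattern[i + 1:i + 5]
            # (?:, (?=, (?!, (?<= do not capture; (?<name> and (?P<name> do
            capturing = not nxt.startswith("?") or bool(re.match(r"\?P?<\w", nxt))
            if capturing and any(stack):
                return True
            stack.append(capturing)
        elif c == ")" and stack:
            stack.pop()
        i += 1
    return False

def audit(conf):
    """Return (line_number, directive) for rewrites matching the advisory's condition."""
    findings = []
    for m in REWRITE.finditer(conf):
        regex, repl = m.group(1).strip("\"'"), m.group(2).strip("\"'")
        refs = set(re.findall(r"\$([1-9])", repl))
        redirect = m.group(3) in ("redirect", "permanent") or re.match(r"https?://|\$scheme", repl)
        if nested_captures(regex) and len(refs) >= 2 and (redirect or "?" in repl):
            findings.append((conf.count("\n", 0, m.start()) + 1, m.group(0).strip()))
    return findings

# Constructed sample configuration, not taken from the advisory.
SAMPLE = r"""rewrite ^/old/(.*)$ /new/$1 last;
rewrite ^/((\w+)/item)$ /view?path=$1&kind=$2 last;
rewrite ^/(a)/(b)$ https://example.test/$1/$2 permanent;
rewrite ^/((\d+)-x)$ /p/$1/$2 redirect;
"""
```

Run audit() over the full configuration text (for example the output of nginx -T). A hit marks a directive to review first, and an empty result does not clear a host running an affected version.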