Nginx Product Security Update Advisory (CVE-2026-9256)
Table of Contents
Overview
A security update has been released for CVE-2026-9256, a heap-based buffer overflow vulnerability in ngxhttprewrite_module in the Nginx product. the vulnerability affects multiple Nginx family products.
Affected by
- NGINX Plus.
- NGINX Open Source.
- NGINX Instance Manager.
- F5 WAF for NGINX.
- NGINX App Protect WAF.
- F5 DoS for NGINX.
- NGINX App Protect DoS.
- NGINX Gateway Fabric.
- NGINX Ingress Controller.
Resolved vulnerabilities
- cVE-2026-9256
: heap-based buffer overflow vulnerability inNGINX ngxhttprewrite_module`.
Patch Version
- NGINX Plus version
37.0.1.1. - NGINX Plus Rx version
R36 P5. - NGINX Plus Rx version
R32 P7. - NGINX Open Source version
1.31.1. - NGINX Open Source version
1.30.2.
Notice
it is recommended to update to the latest version of this document, and you should update to the latest Vulnerability Patch version according to the instructions on the reference site.
Read more here: Source link