nginx | Bboysoul的博客https://localhost🔴 NGINX https://localhost/posts/12114https://localhost/posts/12114Thu, 14 May 2026 10:10:58 GMT<i><b>🔴</b></i> <mark>NGINX</mark> http_rewrite 模块漏洞;或会导致堆溢出甚至远程代码执行。<br /><br />- 漏洞的起因是 <mark>nginx</mark> 尝试将 escape 过的 URL 写入未 escape 长度的内存。<br />- 在 ASLR 未被开启的情况下,可以导致远程代码执行。<br />- 修复已于 1.30.1/1.31.0 发布。<br /><br />1. <a href="https://depthfirst.com/nginx-rift" target="_blank">https://depthfirst.com/nginx-rift</a><br />2. <a href="https://my.f5.com/manage/s/article/K000161019" target="_blank">my.f5.com/~</a><br /><br />CVE: CVE-2026-42945<br />CVSS: 9.2 (F5 Networks)<br />Affect: [0.6.27, 1.30.0]<br />Fixed-At: 1.30.1, 1.31.0<br /><br /><a href="/search/result?q=%23nginx">#nginx</a><a href="https://depthfirst.com/nginx-rift" target="_blank"> <div>Depthfirst</div> <img class="link_preview_image" alt="NGINX Rift" src="/static/https://cdn4.telesco.pe/file/rBHZq3vUV5ngV0erGLL1uww6corAGIMhSEKIR6wc9SWEDU3q6HXYG7ixq7I9XmdxY92_ckAro7MhcggmlNjAZNGFmeN35lav4x9fKO3bLS6kH2-T7eXBJCOYmzoSS56GYDsquBIEbV00Mqeh_xI0W7yLk1wJzdlEKYqWWhxWc33XrUQaMGNoV7mgoLQQkG5Ko83pNdAagU1C0ckoIFz4oyBJqaN-pEwmQ1v-UbR63-hgSs3akZd6V-ZrQhHgVt9eiMgHRoCHz-IVE726fDTlvXuGZ4YUcO8fq74nmL85qXh-mDjlkxezeG5xDLBl8KIbbv0LtvqPtqo_RBQ0FKcvHw.jpg" width="1200" height="630" loading="eager" /> <div><mark>NGINX</mark> Rift</div> <div>An 18 year old memory corruption flaw in <mark>NGINX</mark> Plus and <mark>NGINX</mark> Open Source lets an unauthenticated attacker crash worker processes or execute remote code with crafted HTTP requests.</div> </a>