FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

nginx -- heap buffer overflow in ngx_http_rewrite_module

Affected packages
nginx < 1.30.2,3

Details

VuXML ID 36a3131d-5600-11f1-b339-3497f65b111b
Discovery 2026-05-22
Entry 2026-05-22

The nginx developers report:

A heap memory buffer overflow might occur in a worker process when using a configuration with overlapping captures in ngx_http_rewrite_module, potentially resulting in arbitrary code execution (CVE-2026-9256).

[source]

References

CVE Name CVE-2026-9256
URL https://nginx.org/en/CHANGES

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.