🚨 New nginx CVE: CVE-2026-42945, aka "NGINX Rift."
Heap buffer overflow in ngx_http_rewrite_module. ~18-year-old bug. Unauthenticated. One crafted HTTP request. CVSS 9.2 Critical.
If you run nginx in front of PHP / WordPress / API gateways, read on 🧵
Root cause: a size mismatch between two passes over the rewrite replacement string.
If a rewrite uses an unnamed capture ($1, $2…), has a ? in the replacement, and is followed by another rewrite/if/set, nginx sizes the buffer with one escape method and writes with another.
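A config audit for the trigger pattern described above, as an added example that is not part of the original thread: it flags `rewrite` directives whose replacement contains an unnamed capture and a `?` and that have a later `rewrite`/`if`/`set` in the same block. Reading "followed by" as "any later directive in the same block" is an assumption, the tokenizer is simplified (it does not follow `include`), and the sample config is constructed.

```python
import re

# Constructed sample config (not from the thread or a real deployment).
SAMPLE_CONF = r"""
server {
    location /blog   { rewrite ^/blog/(.*)$ /index.php?p=$1; set $seen 1; }
    location /static { rewrite ^/static/(.*)$ /assets/$1; set $seen 1; }
    location /api    { rewrite ^/api/(?<rest>.*)$ /gw.php?r=$rest; if ($http_x_debug) { return 403; } }
    location /old    { rewrite ^/old/(.*)$ "/new.php?id=$1" last; }
}
"""

# Quoted strings, block punctuation, comments (only at token start), bare words.
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|\'(?:\\.|[^\'\\])*\'|[{};]|#[^\n]*|[^\s{};]+')
FOLLOWERS = {"rewrite", "if", "set"}

def _check(block):
    """Flag rewrites in one config context that meet all three conditions."""
    hits = []
    for i, (line, args) in enumerate(block):
        if args[0] != "rewrite" or len(args) < 3:
            continue
        repl = args[2].strip("\"'")
        # Unnamed capture ($1..$9) plus '?' in the replacement string.
        if re.search(r"\$\d", repl) and "?" in repl:
            # Assumption: any later rewrite/if/set in the same block counts.
            later = [a[0] for _, a in block[i + 1:] if a[0] in FOLLOWERS]
            if later:
                hits.append((line, repl, later[0]))
    return hits

def audit(conf):
    """Return (line, replacement, following directive) for each flagged rewrite."""
    stack, cur, hits = [[]], [], []
    for m in TOKEN.finditer(conf):
        tok = m.group()
        if tok.startswith("#"):
            continue
        if tok in ";{}":
            if cur:  # directive ends at ';' or at the '{' opening its block
                stack[-1].append((conf.count("\n", 0, m.start()) + 1, cur))
                cur = []
            if tok == "{":
                stack.append([])
            elif tok == "}" and len(stack) > 1:
                hits += _check(stack.pop())
        else:
            cur.append(tok)
    return sorted(hits + _check(stack[0]))

if __name__ == "__main__":
    for line, repl, follower in audit(SAMPLE_CONF):
        print(f"line {line}: rewrite -> {repl!r} is followed by '{follower}'")
```

A hit marks a directive to review against the vendor advisory; it is not proof that the running nginx build is affected.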