[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2026-9256":6},{"stargazers_count":4,"fetched_at":5},6,"2026-05-22T16:08:08.064Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":24,"aliases":25,"duplicate_of":9,"upstream":26,"downstream":27,"duplicates":28,"related":29,"reserved_at":9,"published_at":30,"modified_at":31,"state":32,"summary":33,"references_raw":40,"kevs":46,"epss":9,"epss_history":47,"metrics":48,"affected":58},"CVE-2026-9256","NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression (PCRE) captures (for example, ^/((.*))$) and a replacement string that references multiple such captures (for example, $1$2) in a redirect or arguments context. An unauthenticated attacker along with conditions beyond their control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR. \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-122","Heap-based Buffer Overflow","A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().","weakness","Draft","Variant","High",[20],{"id":21,"name":22,"techniques":23},"CAPEC-92","Forced Integer Overflow",[],[],[],[],[],[],[],"2026-05-22T14:11:41.877Z","2026-05-22T14:50:36.484Z","PUBLISHED",{"cisa_kev":34,"cisa_ransomware":34,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":35,"severity_score":36,"severity_version":37,"severity_source":38,"severity_vector":39,"severity_status":32},false,"critical",9.2,"v4.0","cve.org","CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",[41],{"url":42,"sources":43,"tags":44},"https://my.f5.com/manage/s/article/K000161377",[38],[45],"Vendor Advisory",[],[],[49],{"source":38,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":50,"cvss_v4_0":56},{"baseScore":51,"baseSeverity":52,"vectorString":53,"impactScore":54,"exploitabilityScore":55},8.1,"HIGH","CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",9.8,5.6,{"baseScore":36,"baseSeverity":57,"vectorString":39,"impactScore":9,"exploitabilityScore":9},"CRITICAL",[59,80],{"ecosystem":9,"name":60,"vendor":61,"product":62,"cpe_part":63,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":64},"NGINX Open Source","f5","nginx open source","a",[65,72,76],{"version":66,"is_range":67,"range_type":38,"version_start":68,"version_start_type":69,"version_end":70,"version_end_type":71,"fixed_in":9},">= 1.31.0, \u003C 1.31.1",true,"1.31.0","including","1.31.1","excluding",{"version":73,"is_range":67,"range_type":38,"version_start":74,"version_start_type":69,"version_end":75,"version_end_type":71,"fixed_in":9},">= 1.30.0, \u003C 1.30.2","1.30.0","1.30.2",{"version":77,"is_range":67,"range_type":38,"version_start":78,"version_start_type":69,"version_end":79,"version_end_type":71,"fixed_in":9},">= 0.1.17, \u003C *","0.1.17","*",{"ecosystem":9,"name":81,"vendor":61,"product":82,"cpe_part":63,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":83},"NGINX Plus","nginx plus",[84,88,92],{"version":85,"is_range":67,"range_type":38,"version_start":86,"version_start_type":69,"version_end":87,"version_end_type":71,"fixed_in":9},">= 37.0, \u003C 37.0.1.1","37.0","37.0.1.1",{"version":89,"is_range":67,"range_type":38,"version_start":90,"version_start_type":69,"version_end":91,"version_end_type":71,"fixed_in":9},">= R36, \u003C R36 P5","R36","R36 P5",{"version":93,"is_range":67,"range_type":38,"version_start":94,"version_start_type":69,"version_end":95,"version_end_type":71,"fixed_in":9},">= R32, \u003C R32 P7","R32","R32 P7"]