CatOps | Continuing with security advisory.NGINX ngx_http_rewrite_module vulner...
2026-05-14 14:31
Message №2905
Continuing with security advisory.

NGINX ngx_http_rewrite_module vulnerability CVE-2026-42945.

NGINX Plus and NGINX Open Source have a vulnerability in the *ngx_http_rewrite_module* module. This vulnerability exists when the *rewrite* directive is followed by a *rewrite*, *if*, or *set* directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, for systems with Address Space Layout Randomization (ASLR) disabled, code execution is possible. (CVE-2026-42945)
Don't confuse F5's NGINX Ingress Controller with the community-led ingress-nginx, which is now deprecated.

In any case, though, if you're using the ngx_http_rewrite_module (and it's widely used!), you are likely vulnerable.

#security
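A config-audit sketch for the directive pattern the advisory describes, added here as an example (it is not from this post or from F5). It reads the advisory's wording as: a `rewrite` whose replacement contains `?`, directly followed in the same block by `rewrite`, `if` or `set`, with an unnamed capture referenced in either directive. That reading, the function names and the sample config are assumptions, so treat hits as triage candidates to check against the vendor advisory.

```python
import re

# Constructed sample config for illustration; not taken from the advisory.
SAMPLE = r"""server {
    location /a/ {
        rewrite ^/a/(.*)$ /b/$1?src=a last;   # nothing follows in this block
    }
    location /c/ {
        rewrite ^/c/(.*)$ /d/$1?x=1;   # flagged: '?', $1, then `set`
        set $orig $1;
    }
    location /e/ {
        rewrite ^/e/(?<rest>.*)$ /f/$rest?x=1;   # named capture only
        set $y 1;
    }
    location /g/ {
        rewrite ^/g/(.*)$ /h/$1;   # no '?' in the replacement
        if ($arg_z) { return 403; }
    }
}
"""

FOLLOWERS = {"rewrite", "if", "set"}
UNNAMED = re.compile(r"\$\d")  # unnamed captures: $1, $2, ...
# Quoted strings, comments, punctuation, then bare words.
TOKEN = re.compile(r'''"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*'|#[^\n]*|[;{}]|[^\s;{}]+''')

def risky(rw, nxt):
    """rw/nxt are token lists: a rewrite directive and the directive after it."""
    repl = rw[2] if len(rw) > 2 else ""
    uses_unnamed = UNNAMED.search(repl) or any(UNNAMED.search(t) for t in nxt[1:])
    return "?" in repl and bool(uses_unnamed)

def audit(text):
    """Return [(rewrite_line, following_directive)] for each suspicious pair."""
    hits, prev, cur, start = [], None, [], 0
    for m in TOKEN.finditer(text):
        tok = m.group()
        if tok.startswith("#"):
            continue                      # comment
        if tok not in {";", "{", "}"}:
            if not cur:
                start = text.count("\n", 0, m.start()) + 1
            cur.append(tok.strip("\"'"))
            continue
        if cur:                           # a directive just ended
            if prev and cur[0] in FOLLOWERS and risky(prev[1], cur):
                hits.append((prev[0], cur[0]))
            prev = (start, cur) if cur[0] == "rewrite" else None
            cur = []
        if tok in "{}":
            prev = None                   # "followed by" is scoped to one block
    return hits

if __name__ == "__main__":
    for line, follower in audit(SAMPLE):
        print(f"line {line}: rewrite with '?' and $N, followed by {follower}")
```

The scan is lexical only: it does not follow `include` files or resolve which block actually handles a request, so run it over every file of the effective configuration.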