Heap Buffer Overflow in NGINX Plus and Open Source during Regex Mapping
CVE-2026-42533
What is CVE-2026-42533?
A vulnerability in NGINX Plus and NGINX Open Source arises when a map directive improperly utilizes regex matching in conjunction with string expressions referencing the map’s regex capture variables before the map output variable, or when non-cacheable variables are used under specific conditions. Unauthenticated attackers can exploit this vulnerability by sending specially crafted HTTP requests, potentially leading to a heap buffer overflow within the NGINX worker process. This may result in service interruptions or allow code execution if Address Space Layout Randomization (ASLR) is disabled or can be bypassed.
Affected Version(s)
NGINX Open Source 1.31.2 < 1.31.3
NGINX Open Source 0.9.6 < 1.30.4
NGINX Plus 37.0.0.1 < 37.0.3.1
References
CVSS V4
Timeline
Vulnerability published
Vulnerability Reserved