CVE-2026-42945: NGINX rewrite-module bug tied to PCRE captures and “?” in replacements

Originally published at: CVE-2026-42945: NGINX rewrite-module bug tied to PCRE captures and “?” in replacements - ToolsLib Blog

CVE-2026-42945 affects NGINX’s rewrite module under specific PCRE capture and replacement patterns, causing a heap overflow and worker restarts; code execution may be possible if ASLR is disabled. Version and patch details are not yet clear.
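A heuristic inventory of rewrite rules with the shape named in the title (a capturing group in the regex and a "?" in the replacement), as an added example that is not from the original post or the NGINX project. It assumes that shape from the title alone, since the post gives no exact trigger; the sample configuration is constructed, and a match marks a rule to review, not a confirmed vulnerable one.

```python
import re

# One directive argument: double-quoted, single-quoted, or bare.
ARG = r'''("(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*'|[^\s;]+)'''
# rewrite <regex> <replacement> [flag];
REWRITE = re.compile(r'(?:^|[\s;{}])rewrite\s+' + ARG + r'\s+' + ARG + r'(?:\s+\w+)?\s*;')
# Unescaped "(" opening a capturing group: plain "(" or a named group
# "(?<n>", "(?P<n>", "(?'n'". "(?:", lookaheads and lookbehinds do not count.
CAPTURE = re.compile(r"(?<!\\)\((?!\?)|(?<!\\)\(\?(?:P?<(?![=!])|')")

def unquote(arg):
    if len(arg) >= 2 and arg[0] == arg[-1] and arg[0] in "\"'":
        return arg[1:-1]
    return arg

def audit(conf_text):
    """Return (line_no, regex, replacement) for every rewrite rule whose regex
    has a capturing group and whose replacement contains '?'."""
    # Naive comment stripping: '#' at line start or after whitespace ends the
    # line (a quoted '#' preceded by whitespace would be cut as well).
    text = "\n".join(re.sub(r'(^|\s)#.*$', r'\1', line)
                     for line in conf_text.splitlines())
    hits = []
    for m in REWRITE.finditer(text):
        regex, repl = unquote(m.group(1)), unquote(m.group(2))
        if CAPTURE.search(regex) and "?" in repl:
            hits.append((text.count("\n", 0, m.start(1)) + 1, regex, repl))
    return hits

# Constructed sample configuration (not taken from the post).
SAMPLE = """\
server {
    rewrite_log on;
    # rewrite ^/c/(.*)$ /d/$1?x=1;
    rewrite ^/old/(.*)$ /new/$1?src=old permanent;
    rewrite ^/plain$ /index.html last;
    rewrite "^/u/(?<id>[0-9]+)$" "/user?id=$id" last;
    rewrite ^/(?:a|b)/x$ /y?z=1 last;
    rewrite ^/drop/(.*)$ /keep/$1? redirect;
}
"""

if __name__ == "__main__":
    for line_no, regex, repl in audit(SAMPLE):
        print(f"line {line_no}: review rewrite {regex} -> {repl}")
```

For a deployed server, feed it the fully expanded configuration (for example the output of `nginx -T`) so that included files are covered.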