NGINX ngx_http_rewrite_module heap overflow (medium); dropped from §2, mentioned in §7
cve · CVE-2026-9256
- Coverage timeline: 1 (first 2026-05-24 → last 2026-05-24)
- Briefs: 1 (1 distinct)
- Sources cited: 24 (16 hosts)
- Sections touched: 0
- Co-occurring entities: 0 (no co-occurrence)
Story timeline
- 2026-05-24: CTI Daily Brief — 2026-05-24
Source distribution
- attack.mitre.org: 6 (25%)
- my.f5.com: 3 (12%)
- cert.ssi.gouv.fr: 2 (8%)
- advisories.ncsc.nl: 1 (4%)
- bleepingcomputer.com: 1 (4%)
- blog.spip.net: 1 (4%)
- cert.europa.eu: 1 (4%)
- cwe.mitre.org: 1 (4%)
- other: 8 (33%)
External references
All cited sources (24)
- advisories.ncsc.nl · inline · NCSC-NL NCSC-2026-0162, 2026-05-15 · https://advisories.ncsc.nl/csaf/v2/2026/ncsc-2026-0162.json
- attack.mitre.org · inline · T1003 OS Credential Dumping · https://attack.mitre.org/techniques/T1003/
- attack.mitre.org · inline · T1018 Remote System Discovery · https://attack.mitre.org/techniques/T1018/
- attack.mitre.org · inline · T1055 Process Injection · https://attack.mitre.org/techniques/T1055/
- attack.mitre.org · inline · T1059.004 Command and Scripting Interpreter: Unix Shell · https://attack.mitre.org/techniques/T1059/004/
- attack.mitre.org · inline · T1190 Exploit Public-Facing Application · https://attack.mitre.org/techniques/T1190/
- attack.mitre.org · inline · T1572 Protocol Tunneling · https://attack.mitre.org/techniques/T1572/
- bleepingcomputer.com · inline · BleepingComputer initial disclosure · https://www.bleepingcomputer.com/news/security/18-year-old-nginx-vulnerability-allows-dos-potential-rce/
- blog.spip.net · inline · SPIP security bulletin, 2026-05-12 · https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-4-14.html
- cert.europa.eu · inline · CERT-EU 2026-006, 2026-05-06 · https://cert.europa.eu/publications/security-advisories/2026-006/
- cert.ssi.gouv.fr · inline · CERT-FR, 2026-05-06 · https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0537/
- cert.ssi.gouv.fr · inline · CERT-FR CERTFR-2026-AVI-0564, 2026-05-12 · https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0564/
- cwe.mitre.org · inline · CWE-648 · https://cwe.mitre.org/data/definitions/648.html
- depthfirst.com · inline · depthfirst "NGINX Rift" technical writeup, 2026-05-13 · https://depthfirst.com/research/nginx-rift-achieving-nginx-rce-via-an-18-year-old-vulnerability
- github.com · inline · GitHub GHSA-gcgv-v5gf-c543 · https://github.com/advisories/GHSA-gcgv-v5gf-c543
- my.f5.com · inline · F5 K000160932, 2026-05-14 · https://my.f5.com/manage/s/article/K000160932
- my.f5.com · inline · F5 NGINX advisory K000161019 · https://my.f5.com/manage/s/article/K000161019
- my.f5.com · inline · F5 K000172830 · https://my.f5.com/manage/s/article/K000172830
- security-hub.ncsc.admin.ch · inline · NCSC-CH Security Hub post #12575 · https://security-hub.ncsc.admin.ch/#/posts/12575
- security.paloaltonetworks.com · inline · Palo Alto Networks Security Advisory, 2026-05-06 · https://security.paloaltonetworks.com/CVE-2026-0300
- securityaffairs.com · inline · Security Affairs, 2026-05-14 · https://securityaffairs.com/192132/hacking/nginx-rift-an-18-year-old-flaw-in-the-worlds-most-deployed-web-server-just-came-to-light.html
- securityweek.com · inline · SecurityWeek, 2026-05-14 · https://www.securityweek.com/f5-patches-over-50-vulnerabilities/
- thehackernews.com · inline · The Hacker News · https://thehackernews.com/2026/05/nginx-cve-2026-42945-exploited-in-wild.html
- unit42.paloaltonetworks.com · inline · Unit 42 primary research, 2026-05-06 · https://unit42.paloaltonetworks.com/captive-portal-zero-day/
Items in briefs about NGINX ngx_http_rewrite_module heap overflow (medium); dropped from §2, mentioned in §7
No parsed item heading or body matches this entity yet. Items match by exact CVE id (for CVE entities), by lead-segment substring of the title in the item heading or body, or by a distinctive anchor token from the title appearing in the item heading. Coverage that lives inside a broader section (no per-item heading) is captured by the Story timeline above.