{"id":2556,"date":"2026-05-20T06:53:50","date_gmt":"2026-05-20T13:53:50","guid":{"rendered":"https:\/\/www.cycognito.com\/blog\/?p=2556"},"modified":"2026-05-20T06:53:52","modified_gmt":"2026-05-20T13:53:52","slug":"emerging-threat-cve-2026-42945-nginx-rift-heap-overflow-in-rewrite-module","status":"publish","type":"post","link":"https:\/\/www.cycognito.com\/blog\/emerging-threat-cve-2026-42945-nginx-rift-heap-overflow-in-rewrite-module\/","title":{"rendered":"Emerging Threat: (CVE-2026-42945) NGINX Rift Heap Overflow in Rewrite Module"},"content":{"rendered":"\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1280\" height=\"679\" src=\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-177-1280x679.png\" alt=\"\" class=\"wp-image-2558\" srcset=\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-177-1280x679.png 1280w, https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-177-512x272.png 512w, https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-177-768x408.png 768w, https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-177-1536x815.png 1536w, https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-177.png 1978w\" sizes=\"auto, (max-width: 1280px) 100vw, 1280px\" \/><figcaption class=\"wp-element-caption\"><em>Sample of assets impacted by NGINX Rift vulnerability, identified by the CyCognito Platform<\/em><\/figcaption><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">What is CVE-2026-42945?<\/h2>\n\n\n\n<p>CVE-2026-42945, nicknamed &#8220;NGINX Rift&#8221;, is a heap buffer overflow in the <code>ngx_http_rewrite_module<\/code> component of NGINX. It has sat in the project&#8217;s source code since 2008. F5 disclosed the flaw on May 13, 2026, after responsible disclosure by researchers at depthfirst, who reported finding it through an autonomous code scanning system.<\/p>\n\n\n\n<p>The vulnerability carries a CVSS v4.0 base score of 9.2 (Critical). Exploitation is unauthenticated and remote: an attacker sends a single crafted HTTP request to a vulnerable rewrite endpoint. The defect lies in how NGINX&#8217;s internal script engine computes destination buffer length on its first pass and copies data on its second pass. When a <code>rewrite<\/code> replacement string contains a question mark and uses unnamed PCRE captures such as <code>$1<\/code> or <code>$2<\/code>, the two passes disagree on a state flag, and attacker-controlled URI bytes are written past the allocated heap buffer in the worker process.<\/p>\n\n\n\n<p>The practical impact is reliable denial of service. A single request crashes the NGINX worker, and repeated requests force a crash loop that degrades availability for every site served by the instance. Remote code execution is also possible, but conditional. F5&#8217;s advisory notes that reliable code execution requires Address Space Layout Randomization (ASLR) to be disabled on the target host, a configuration uncommon on modern Linux distributions but more plausible on appliances, embedded systems, and older deployments. A public proof of concept was released alongside the advisory.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What assets are affected by CVE-2026-42945?<\/h2>\n\n\n\n<p>The flaw affects NGINX Open Source versions 0.6.27 through 1.30.0 and NGINX Plus R32 through R36. It also extends to several downstream F5 products built on the same codebase: F5 WAF for NGINX 5.9.0 through 5.12.1, NGINX App Protect WAF 4.9.0 through 4.16.0 and 5.1.0 through 5.8.0, F5 DoS for NGINX 4.8.0, NGINX App Protect DoS 4.3.0 through 4.7.0, NGINX Instance Manager 2.16.0 through 2.21.1, and NGINX Gateway Fabric 1.3.0 through 1.6.2 and 2.0.0 through 2.5.1.<\/p>\n\n\n\n<p>Affected assets are some of the most common edge components on the internet. NGINX is widely deployed as a reverse proxy in front of web applications, as a load balancer at the network perimeter, as an API gateway, and as a Kubernetes ingress controller. Because the vulnerable code path depends on a specific configuration pattern rather than the presence of the binary alone, exposure is not uniform across every NGINX instance. The risk concentrates wherever operators use unnamed captures in rewrite rules combined with a replacement string containing a question mark, a pattern common in URL canonicalization, PHP front-controller routing, WordPress permalink handling, and bespoke API gateway logic.<\/p>\n\n\n\n<p>These assets tend to be internet-facing by design, which means the flaw is directly reachable from automated scanners and opportunistic threat actors. Many also run inside container orchestration platforms or behind multiple layers of abstraction, where the underlying NGINX configuration is generated from templates rather than written by hand, making the vulnerable pattern easy to overlook during inventory.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What does our data show about exposure patterns?<\/h2>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1185\" height=\"734\" src=\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-176.png\" alt=\"\" class=\"wp-image-2557\" srcset=\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-176.png 1185w, https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-176-512x317.png 512w, https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-176-768x476.png 768w\" sizes=\"auto, (max-width: 1185px) 100vw, 1185px\" \/><\/figure>\n\n\n\n<p>Exposure in this set is led by Industrials at 26.4% of observed assets, with Communication Services contributing 17.9%.<\/p>\n\n\n\n<p>Industrials&#8217; over-representation reflects the operational profile of the sector. Aerospace, defense, transport, and large-scale engineering organizations run sprawling estates that mix corporate web properties, partner integrations, customer portals, and acquired-company infrastructure. <\/p>\n\n\n\n<p>NGINX is a default choice for fronting many of those workloads, and the long decommissioning cycles typical of industrial IT mean older configurations and older NGINX versions persist longer than they would in greenfield environments. Communication Services follows a similar pattern for different reasons: media and telecom estates carry large content delivery footprints and high concentrations of edge proxies serving regional sites.<\/p>\n\n\n\n<p>Across the cross-sector pattern, the consistent driver is configuration inheritance. The vulnerable code path activates only on specific rewrite patterns, but those patterns propagate easily through internal templates, copied configs from upstream documentation, and infrastructure-as-code modules that get reused across teams. <\/p>\n\n\n\n<p>Organizations with the largest exposure are not those running unusual NGINX deployments. They are the ones running ordinary deployments at scale, where the same rewrite snippet has been replicated across hundreds of edge nodes over years.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Are fixes available?<\/h2>\n\n\n\n<p>Patches are available. F5 has released NGINX Open Source 1.30.1 and 1.31.0 as fixed branches, and NGINX Plus R32 P6 and R36 P4 contain the corresponding fix. Several major Linux distributions began shipping updated packages on or shortly after disclosure day; AlmaLinux specifically backported the fix to its end-of-life module streams (1.16 through 1.24) given the severity.<\/p>\n\n\n\n<p>Patch availability is not uniform across the broader NGINX product family. The Open Source and Plus fixes are confirmed and shipping, but downstream F5 products including NGINX Instance Manager, F5 WAF for NGINX, and NGINX App Protect require following F5&#8217;s product-specific advisories for each fixed release. Defenders should verify directly against the F5 security advisory rather than assume a fix is available for every component in the NGINX ecosystem.<\/p>\n\n\n\n<p>After upgrading, NGINX must be restarted so worker processes reload the patched binary. Reload alone is not sufficient in every deployment pattern.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Are there any other recommended actions to take?<\/h2>\n\n\n\n<p>Where an immediate upgrade is not possible, F5 recommends replacing unnamed PCRE captures such as <code>$1<\/code> and <code>$2<\/code> with named captures in every affected rewrite directive, which eliminates the trigger condition without changing functional behaviour. Operators should also audit <code>rewrite<\/code>, <code>if<\/code>, and <code>set<\/code> directives across their configuration estate for the vulnerable pattern, monitor for unexpected worker process restarts that may indicate exploitation attempts, and restrict access to admin-only NGINX interfaces from untrusted networks.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How can CyCognito help your organization?<\/h2>\n\n\n\n<p>CyCognito published an Emerging Threat Advisory for CVE-2026-42945 in the CyCognito platform and is actively researching enhanced detection capabilities for this vulnerability.<\/p>\n\n\n\n<p>To learn how CyCognito can help your organization reduce external exposure and manage emerging threats more effectively, <a href=\"https:\/\/www.cycognito.com\/demo\/\">contact us to request a demo<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A heap buffer overflow in NGINX&#8217;s rewrite module lets an unauthenticated attacker crash worker processes with a single crafted HTTP request, and on hosts with ASLR disabled can be leveraged for remote code execution.<\/p>\n","protected":false},"author":39,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-2556","post","type-post","status-publish","format-standard","hentry","category-research"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Emerging Threat: (CVE-2026-42945) NGINX Rift Heap Overflow in Rewrite Module | CyCognito Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.cycognito.com\/blog\/emerging-threat-cve-2026-42945-nginx-rift-heap-overflow-in-rewrite-module\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Emerging Threat: (CVE-2026-42945) NGINX Rift Heap Overflow in Rewrite Module | CyCognito Blog\" \/>\n<meta property=\"og:description\" content=\"A heap buffer overflow in NGINX&#039;s rewrite module lets an unauthenticated attacker crash worker processes with a single crafted HTTP request, and on hosts with ASLR disabled can be leveraged for remote code execution.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.cycognito.com\/blog\/emerging-threat-cve-2026-42945-nginx-rift-heap-overflow-in-rewrite-module\/\" \/>\n<meta property=\"og:site_name\" content=\"CyCognito Blog\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-20T13:53:50+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-05-20T13:53:52+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-177.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1978\" \/>\n\t<meta property=\"og:image:height\" content=\"1050\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Igal Zeifman\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Igal Zeifman\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/emerging-threat-cve-2026-42945-nginx-rift-heap-overflow-in-rewrite-module\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/emerging-threat-cve-2026-42945-nginx-rift-heap-overflow-in-rewrite-module\/\"},\"author\":{\"name\":\"Igal Zeifman\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/79ab10bc35a38aef399f5bbd21d8f1b3\"},\"headline\":\"Emerging Threat: (CVE-2026-42945) NGINX Rift Heap Overflow in Rewrite Module\",\"datePublished\":\"2026-05-20T13:53:50+00:00\",\"dateModified\":\"2026-05-20T13:53:52+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/emerging-threat-cve-2026-42945-nginx-rift-heap-overflow-in-rewrite-module\/\"},\"wordCount\":958,\"publisher\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/emerging-threat-cve-2026-42945-nginx-rift-heap-overflow-in-rewrite-module\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-177-1280x679.png\",\"articleSection\":[\"Research\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/emerging-threat-cve-2026-42945-nginx-rift-heap-overflow-in-rewrite-module\/\",\"url\":\"https:\/\/www.cycognito.com\/blog\/emerging-threat-cve-2026-42945-nginx-rift-heap-overflow-in-rewrite-module\/\",\"name\":\"Emerging Threat: (CVE-2026-42945) NGINX Rift Heap Overflow in Rewrite Module | CyCognito Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/emerging-threat-cve-2026-42945-nginx-rift-heap-overflow-in-rewrite-module\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/emerging-threat-cve-2026-42945-nginx-rift-heap-overflow-in-rewrite-module\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-177-1280x679.png\",\"datePublished\":\"2026-05-20T13:53:50+00:00\",\"dateModified\":\"2026-05-20T13:53:52+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/emerging-threat-cve-2026-42945-nginx-rift-heap-overflow-in-rewrite-module\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.cycognito.com\/blog\/emerging-threat-cve-2026-42945-nginx-rift-heap-overflow-in-rewrite-module\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/emerging-threat-cve-2026-42945-nginx-rift-heap-overflow-in-rewrite-module\/#primaryimage\",\"url\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-177.png\",\"contentUrl\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-177.png\",\"width\":1978,\"height\":1050},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/emerging-threat-cve-2026-42945-nginx-rift-heap-overflow-in-rewrite-module\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.cycognito.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Emerging Threat: (CVE-2026-42945) NGINX Rift Heap Overflow in Rewrite Module\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#website\",\"url\":\"https:\/\/www.cycognito.com\/blog\/\",\"name\":\"Cycognito Blog\",\"description\":\"Research, Product News and Latest Updates\",\"publisher\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.cycognito.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#organization\",\"name\":\"Cycognito\",\"url\":\"https:\/\/www.cycognito.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png\",\"contentUrl\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png\",\"width\":1720,\"height\":550,\"caption\":\"Cycognito\"},\"image\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/79ab10bc35a38aef399f5bbd21d8f1b3\",\"name\":\"Igal Zeifman\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/b4495bcfbe7465d573c6f7ee3e2a3cab?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/b4495bcfbe7465d573c6f7ee3e2a3cab?s=96&d=mm&r=g\",\"caption\":\"Igal Zeifman\"},\"description\":\"VP of Marketing\",\"url\":\"https:\/\/www.cycognito.com\/blog\/author\/igal-zeifman\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Emerging Threat: (CVE-2026-42945) NGINX Rift Heap Overflow in Rewrite Module | CyCognito Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.cycognito.com\/blog\/emerging-threat-cve-2026-42945-nginx-rift-heap-overflow-in-rewrite-module\/","og_locale":"en_US","og_type":"article","og_title":"Emerging Threat: (CVE-2026-42945) NGINX Rift Heap Overflow in Rewrite Module | CyCognito Blog","og_description":"A heap buffer overflow in NGINX's rewrite module lets an unauthenticated attacker crash worker processes with a single crafted HTTP request, and on hosts with ASLR disabled can be leveraged for remote code execution.","og_url":"https:\/\/www.cycognito.com\/blog\/emerging-threat-cve-2026-42945-nginx-rift-heap-overflow-in-rewrite-module\/","og_site_name":"CyCognito Blog","article_published_time":"2026-05-20T13:53:50+00:00","article_modified_time":"2026-05-20T13:53:52+00:00","og_image":[{"width":1978,"height":1050,"url":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-177.png","type":"image\/png"}],"author":"Igal Zeifman","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Igal Zeifman","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.cycognito.com\/blog\/emerging-threat-cve-2026-42945-nginx-rift-heap-overflow-in-rewrite-module\/#article","isPartOf":{"@id":"https:\/\/www.cycognito.com\/blog\/emerging-threat-cve-2026-42945-nginx-rift-heap-overflow-in-rewrite-module\/"},"author":{"name":"Igal Zeifman","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/79ab10bc35a38aef399f5bbd21d8f1b3"},"headline":"Emerging Threat: (CVE-2026-42945) NGINX Rift Heap Overflow in Rewrite Module","datePublished":"2026-05-20T13:53:50+00:00","dateModified":"2026-05-20T13:53:52+00:00","mainEntityOfPage":{"@id":"https:\/\/www.cycognito.com\/blog\/emerging-threat-cve-2026-42945-nginx-rift-heap-overflow-in-rewrite-module\/"},"wordCount":958,"publisher":{"@id":"https:\/\/www.cycognito.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.cycognito.com\/blog\/emerging-threat-cve-2026-42945-nginx-rift-heap-overflow-in-rewrite-module\/#primaryimage"},"thumbnailUrl":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-177-1280x679.png","articleSection":["Research"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.cycognito.com\/blog\/emerging-threat-cve-2026-42945-nginx-rift-heap-overflow-in-rewrite-module\/","url":"https:\/\/www.cycognito.com\/blog\/emerging-threat-cve-2026-42945-nginx-rift-heap-overflow-in-rewrite-module\/","name":"Emerging Threat: (CVE-2026-42945) NGINX Rift Heap Overflow in Rewrite Module | CyCognito Blog","isPartOf":{"@id":"https:\/\/www.cycognito.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.cycognito.com\/blog\/emerging-threat-cve-2026-42945-nginx-rift-heap-overflow-in-rewrite-module\/#primaryimage"},"image":{"@id":"https:\/\/www.cycognito.com\/blog\/emerging-threat-cve-2026-42945-nginx-rift-heap-overflow-in-rewrite-module\/#primaryimage"},"thumbnailUrl":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-177-1280x679.png","datePublished":"2026-05-20T13:53:50+00:00","dateModified":"2026-05-20T13:53:52+00:00","breadcrumb":{"@id":"https:\/\/www.cycognito.com\/blog\/emerging-threat-cve-2026-42945-nginx-rift-heap-overflow-in-rewrite-module\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.cycognito.com\/blog\/emerging-threat-cve-2026-42945-nginx-rift-heap-overflow-in-rewrite-module\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cycognito.com\/blog\/emerging-threat-cve-2026-42945-nginx-rift-heap-overflow-in-rewrite-module\/#primaryimage","url":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-177.png","contentUrl":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-177.png","width":1978,"height":1050},{"@type":"BreadcrumbList","@id":"https:\/\/www.cycognito.com\/blog\/emerging-threat-cve-2026-42945-nginx-rift-heap-overflow-in-rewrite-module\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.cycognito.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Emerging Threat: (CVE-2026-42945) NGINX Rift Heap Overflow in Rewrite Module"}]},{"@type":"WebSite","@id":"https:\/\/www.cycognito.com\/blog\/#website","url":"https:\/\/www.cycognito.com\/blog\/","name":"Cycognito Blog","description":"Research, Product News and Latest Updates","publisher":{"@id":"https:\/\/www.cycognito.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.cycognito.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.cycognito.com\/blog\/#organization","name":"Cycognito","url":"https:\/\/www.cycognito.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png","contentUrl":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png","width":1720,"height":550,"caption":"Cycognito"},"image":{"@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/79ab10bc35a38aef399f5bbd21d8f1b3","name":"Igal Zeifman","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/b4495bcfbe7465d573c6f7ee3e2a3cab?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/b4495bcfbe7465d573c6f7ee3e2a3cab?s=96&d=mm&r=g","caption":"Igal Zeifman"},"description":"VP of Marketing","url":"https:\/\/www.cycognito.com\/blog\/author\/igal-zeifman\/"}]}},"_links":{"self":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts\/2556","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/users\/39"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/comments?post=2556"}],"version-history":[{"count":1,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts\/2556\/revisions"}],"predecessor-version":[{"id":2559,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts\/2556\/revisions\/2559"}],"wp:attachment":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/media?parent=2556"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/categories?post=2556"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/tags?post=2556"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}