Nginx Product Security Update Advisory (CVE-2026-9256)
Overview A security update has been released for CVE-2026-9256, a heap-based buffer overflow vulnerability in ngxhttprewrite_module in the Nginx product. the vulnerability affects multiple Nginx family products. Affected by NGINX Plus. NGINX Open Source. NGINX Instance Manager. F5 WAF for NGINX. NGINX App Protect WAF. F5 DoS for NGINX. NGINX
