[Vulnerability Advisory] NGINX ngx_http_rewrite_module Heap Buffer Overflow Vulnerability (CVE-2026-42945)
Published: 2026-05-15

1. Vulnerability Overview

NGINX is a high-performance web server, reverse proxy and load balancer widely used in internet, cloud computing and enterprise environments. It provides HTTP proxying, load balancing, cache acceleration, traffic forwarding and access control, with high concurrency, low resource usage and a flexible modular architecture, and is commonly deployed in websites, API gateways and microservice architectures. On May 15, 2026, the Security Emergency Response Center (VSRC) detected a heap buffer overflow vulnerability in NGINX ngx_http_rewrite_module. The vulnerability is triggered when a rewrite directive is followed by further rewrite, if or set directives that use unnamed PCRE capture groups (such as $1, $2) together with a replacement string containing a question mark (?). By sending specially crafted HTTP requests, an attacker can cause a heap-based buffer overflow in an NGINX worker process, crashing the worker and forcing a service restart, which results in denial of service (DoS). On systems where ASLR is disabled, the attacker may additionally be able to achieve remote code execution.
2. Affected Scope
1.0.0 <= NGINX Open Source < 1.31.0
0.6.27 <= NGINX Open Source <= 0.9.7
R32 <= NGINX Plus < R32 P6
R36 <= NGINX Plus < R36 P4
2.16.0 <= NGINX Instance Manager <= 2.21.1
5.9.0 <= F5 WAF for NGINX <= 5.12.1
4.9.0 <= NGINX App Protect WAF <= 4.16.0
5.1.0 <= NGINX App Protect WAF <= 5.8.0
F5 DoS for NGINX = 4.8.0
4.3.0 <= NGINX App Protect DoS <= 4.7.0
1.3.0 <= NGINX Gateway Fabric <= 1.6.2
2.0.0 <= NGINX Gateway Fabric <= 2.5.1
3.5.0 <= NGINX Ingress Controller <= 3.7.2
4.0.0 <= NGINX Ingress Controller <= 4.0.1
5.0.0 <= NGINX Ingress Controller <= 5.4.1
3. Security Measures
3.1 Upgrade to a Fixed Version
The vendor has released patches that fix this vulnerability.
NGINX Open Source >= 1.31.0
NGINX Open Source >= 1.30.1
NGINX Plus >= R32 P6
NGINX Plus >= R36 P4
NGINX Plus >= 37.0.0
NGINX Instance Manager: upgrade to a subsequent official security release
F5 WAF for NGINX: upgrade to a subsequent official security release
NGINX App Protect WAF: upgrade to a subsequent official security release
F5 DoS for NGINX: upgrade to a subsequent official security release
NGINX App Protect DoS: upgrade to a subsequent official security release
NGINX Gateway Fabric: upgrade to a subsequent official security release
NGINX Ingress Controller: upgrade to a subsequent official security release
Download link:
https://my.f5.com/manage/s/article/K000161019/
3.2 Temporary Mitigations
If an immediate upgrade to the fixed version is not possible, review and modify all rewrite rules that rely on ngx_http_rewrite_module, and avoid combining unnamed PCRE capture groups (such as $1, $2) with replacement strings that contain the ? character.
Example of a risky configuration:
rewrite ^/users/([0-9]+)/profile/(.*)$ /profile.php?id=$1&tab=$2 last;
Recommended rewrite using named capture groups:
rewrite ^/users/(?
After changing the configuration, validate it and reload the service with the following commands:
nginx -t
nginx -s reload
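As an added example (constructed here, not part of the advisory and not NGINX's own tooling), the following Python scanner walks an nginx configuration for the pattern described above: rewrite directives whose replacement string references unnamed captures ($1..$9) and contains a ?, and prints a named-capture form to migrate to. The directive parser and the sample configuration are simplified constructions.

```python
import re

# Simplified rewrite-directive parser, constructed for this example (not NGINX's
# own config parser): regex, replacement, optional flag, terminated by ';'.
REWRITE_RE = re.compile(
    r'^\s*rewrite\s+(?P<regex>\S+)\s+(?P<repl>\S+)\s*'
    r'(?P<flag>last|break|redirect|permanent)?\s*;',
    re.MULTILINE,
)
UNNAMED_REF_RE = re.compile(r'\$([1-9])')          # $1 .. $9 in a replacement string
UNNAMED_GROUP_RE = re.compile(r'(?<!\\)\((?!\?)')  # a '(' that opens an unnamed group


def find_risky_rewrites(config_text):
    """Return (line_no, directive) for every rewrite whose replacement string both
    references an unnamed capture group and contains a '?', the advisory's trigger."""
    findings = []
    for m in REWRITE_RE.finditer(config_text):
        repl = m.group('repl')
        if UNNAMED_REF_RE.search(repl) and '?' in repl:
            line_no = config_text.count('\n', 0, m.start()) + 1
            findings.append((line_no, m.group(0).strip()))
    return findings


def to_named_captures(regex, repl):
    """Rewrite unnamed groups as named ones (g1, g2, ...) and $N references as $gN.
    Assumes no literal '(' inside character classes; review the output before use."""
    counter = iter(range(1, 10))
    new_regex = UNNAMED_GROUP_RE.sub(lambda _: f'(?<g{next(counter)}>', regex)
    new_repl = UNNAMED_REF_RE.sub(lambda m: f'$g{m.group(1)}', repl)
    return new_regex, new_repl


# Constructed sample config: one harmless rewrite and the advisory's risky pattern.
SAMPLE_CONFIG = """\
location / {
    rewrite ^/old/(.*)$ /new/$1 permanent;
    rewrite ^/users/([0-9]+)/profile/(.*)$ /profile.php?id=$1&tab=$2 last;
}
"""

if __name__ == '__main__':
    for line_no, directive in find_risky_rewrites(SAMPLE_CONFIG):
        print(f'line {line_no}: {directive}')
        m = REWRITE_RE.match(directive)
        regex, repl = to_named_captures(m.group('regex'), m.group('repl'))
        print(f'  suggested: rewrite {regex} {repl} {m.group("flag")};')
```

Run it against a real configuration by reading the file into find_risky_rewrites; rules spread across included files need each file scanned separately.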
3.3 ͨÓý¨Òé
¶¨ÆÚ¸üÐÂϵͳ²¹¶¡£¬Ï÷¼õϵͳ·ì϶£¬ÌáÉý·þÎñÆ÷µÄ°²È«ÐÔ¡£
¼ÓǿϵͳºÍÍøÂçµÄ½Ó¼û½ÚÔ죬Åú¸Ä·À»ðǽսÊõ£¬¹Ø¹Ø·Ç±ØÒªµÄÀûÓö˿ڻò·þÎñ£¬Ï÷¼õ½«Î£ÏÕ·þÎñ£¨ÈçSSH¡¢RDPµÈ£©Â¶³öµ½¹«Íø£¬Ï÷¼õ¹¥»÷Ãæ¡£
ʹÓÃÆóÒµ¼¶°²È«²úÆ·£¬ÌáÉýÆóÒµµÄÍøÂ簲ȫ»úÄÜ¡£
¼ÓǿϵͳÓû§ºÍȨÏÞÖÎÀí£¬ÆôÓöà³É·ÖÈÏÖ¤»úÔìºÍ×îÓ×ȨÏÞ×¼Ôò£¬Óû§ºÍÈí¼þȨÏÞӦά³ÖÔÚ×îµÍÏÞ¶È¡£ÆôÓÃÇ¿ÃÜÂëÕ½Êõ²¢ÉèÖÃΪ¶¨ÆÚÅú¸Ä¡£
3.4 ²Î¿¼Á´½Ó
https://my.f5.com/manage/s/article/K000161019/https://nvd.nist.gov/vuln/detail/CVE-2026-42945

