VDB
RHSA-2026%3A22388
RHSA-2026%3A22388
PUBLISHED
CVSS 8.100000381469727 HIGH
A flaw was found in NGINX, specifically within the ngx_http_rewrite_module. An unauthenticated attacker can exploit this vulnerability by sending crafted HTTP requests under specific rewrite configurations. This can lead to a heap buffer overflow in the NGINX worker process, which may result in arbitrary code execution if Address Space Layout Randomization (ASLR), a security technique to prevent exploitation, is disabled. Otherwise, this flaw causes a denial of service due to a restart of the NGINX worker process.
Risk Scores
CVSS 3.1
8.100000381469727
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:f45c90a65cc1932f7d9b180d62394ff194566f22feba29c8656e5f87faae66a3_ppc64le as a component of Red Hat Openshift Data Foundation 4.18 | * |
| Red Hat | registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:59dccfe50a1b819f7c494c11137e03223e8b9c3ba2194cceeda10d8bbbfaf6a4_ppc64le as a component of Red Hat Openshift Data Foundation 4.18 | * |
| Red Hat | registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:94716f2159fa51e879398c82f8818416c6341fe61e732b7b91267b7c37a98e33_ppc64le as a component of Red Hat Openshift Data Foundation 4.18 | * |
| Red Hat | registry.redhat.io/odf4/odf-rhel9-operator@sha256:7ad3e612562873fb6cd87277eebee14152819e5f5d13878b787d5822adf98b5b_arm64 as a component of Red Hat Openshift Data Foundation 4.18 | * |
| Red Hat | registry.redhat.io/odf4/mcg-rhel9-operator@sha256:888cc9d7770249951b3408fb027cc7b3037c021238aa4bf8e197aa8da17bd743_ppc64le as a component of Red Hat Openshift Data Foundation 4.18 | * |
| Red Hat | registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d1ab93e29f6b0be17fd1c48a18d40fd7bcb5e660762372a592b24f8c3d95f74e_s390x as a component of Red Hat Openshift Data Foundation 4.18 | * |
| Red Hat | registry.redhat.io/odf4/mcg-operator-bundle@sha256:0aeeeedc4c55d67f19805f0b2623c77b005995b370dbe48580dd54f12a4d7558_amd64 as a component of Red Hat Openshift Data Foundation 4.18 | * |
| Red Hat | registry.redhat.io/odf4/odr-rhel9-operator@sha256:6a66b7bd50cb1fbb106deb2e2962c251a0c0ea66ffd272b7000c965f23065cf5_s390x as a component of Red Hat Openshift Data Foundation 4.18 | * |
| Red Hat | registry.redhat.io/odf4/ocs-operator-bundle@sha256:fa80c80ffaa4340822dc7d96488d2c89cd72318c431717d05fab8c5f086ce242_amd64 as a component of Red Hat Openshift Data Foundation 4.18 | * |
| Red Hat | registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:5fa090d9f40fa601075596bc662c8ba81867828d75d676d59c631a1a1d11a359_amd64 as a component of Red Hat Openshift Data Foundation 4.18 | * |
| Red Hat | registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:c1aed7972f5c366ce2aa64c242eab7fce26850f38a60ee09bf3534d6a1a225d0_s390x as a component of Red Hat Openshift Data Foundation 4.18 | * |
| Red Hat | registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:6c30b3fc1f0ff55bc104cb25bf3c12d6f7596426587ca16c08e998572e7a53b5_s390x as a component of Red Hat Openshift Data Foundation 4.18 | * |
| Red Hat | registry.redhat.io/odf4/odr-rhel9-operator@sha256:205593aa595338dcd49c1958540ef623f29d4fe7267d884cbc04e6fb2cce4717_ppc64le as a component of Red Hat Openshift Data Foundation 4.18 | * |
| Red Hat | registry.redhat.io/odf4/mcg-rhel9-operator@sha256:a5d31b1d8168118b6796362c2d0faeb7e5ccd827a4cfed6bbad12e9f06ac1dd2_arm64 as a component of Red Hat Openshift Data Foundation 4.18 | * |
| Red Hat | registry.redhat.io/odf4/ocs-rhel9-operator@sha256:a3c813daa6265810afa97542056c16d6c044d4f429e331fe0d7bc37e45729055_amd64 as a component of Red Hat Openshift Data Foundation 4.18 | * |
| Red Hat | registry.redhat.io/odf4/odf-console-rhel9@sha256:9b69ec5063534a53efd936455f15c8e26f92e3abffa92fd15bb473c6997f4a8b_s390x as a component of Red Hat Openshift Data Foundation 4.18 | * |
| Red Hat | registry.redhat.io/odf4/odf-rhel9-operator@sha256:c6bf22380fa04d9297b6280ede61d7105ed767bd1724d50bf040308a17e80176_amd64 as a component of Red Hat Openshift Data Foundation 4.18 | * |
| Red Hat | registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:27db3ef223c48dab546bcee1a4b4682b4bf374965a44f4c7c69faaa007fee72f_s390x as a component of Red Hat Openshift Data Foundation 4.18 | * |
| Red Hat | registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:d228b7b55d2400a036827caa480c1ba34a00eca2ff7411e714dedc27592df53e_amd64 as a component of Red Hat Openshift Data Foundation 4.18 | * |
| Red Hat | registry.redhat.io/odf4/odf-rhel9-operator@sha256:468a2de4fa1eeed31f632d725ac7a1865ecab19f2e9a7997d1ccb95edb0197da_s390x as a component of Red Hat Openshift Data Foundation 4.18 | * |
…and 61 more
Timeline
- Jun 2, 2026 CVE Published
- Jun 23, 2026 CVE Updated
- Jun 23, 2026 Distribution Patch
- Jun 23, 2026 Distribution Patch
- Jun 23, 2026 Security Advisory
- Jun 23, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHSA-2026:22388 advisory
- https://access.redhat.com/security/cve/CVE-2026-42945 advisory
- https://access.redhat.com/security/updates/classification advisory
- https://docs.redhat.com/en/documentation/red_hat_openshift_data_foundation/ advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_22388.json advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2477116 issue
- https://www.cve.org/CVERecord?id=CVE-2026-42945 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-42945 advisory
- https://depthfirst.com/nginx-rift advisory
- https://my.f5.com/manage/s/article/K000161019 advisory