Topic: NGINX Rift (CVE-2026-42945): Patched nginx available in testing

This CVE does NOT include/involve CWP, only the direct Nginx package.

⚠️ A heap-based buffer overflow in nginx’s ngx_http_rewrite_module, disclosed as CVE-2026-42945 and nicknamed NGINX Rift, allows an unauthenticated attacker to crash a worker process, or potentially achieve remote code execution on hosts with ASLR disabled, by sending a single crafted HTTP request.

If you operate an internet-facing nginx instance, especially one with non-trivial rewrite rules in front of a PHP or application backend, this matters.

AlmaLinux's core team has built patched nginx packages, which are available in their testing repository.
After the community has helped verify them, AlmaLinux will release them to the production repositories.