A vulnerability has been found in F5 NGINX Plus and NGINX Open Source and classified as critical . This affects the function ngx_http_rewrite_module of the component HTTP Handler . The manipulation leads to heap-based buffer overflow. This vulnerability is traded as CVE-2026-42945 . It is possible to initiate the attack remotely. There is no exploit available. The affected component should be upgraded.