A vulnerability marked as critical has been reported in F5 NGINX Plus and NGINX Open Source . Affected by this issue is some unknown functionality of the component ngx_http_rewrite_module . The manipulation leads to heap-based buffer overflow. This vulnerability is documented as CVE-2026-9256 . The attack can be initiated remotely. There is not any exploit available. It is suggested to upgrade the affected component.