https://community.checkpoint.com/t5/WAF/NGINX-CVE-2026-42945-Check-Point-Managed-NGINX-Deployments-Not/m-p/277141#M406 <H4 class="title is-size-5" data-v-9ec38c24=""><STRONG data-olk-copy-source="MessageBody">Description</STRONG></H4> <P class="content cve-x-scroll" data-v-9ec38c24="">NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module&nbsp;module. This vulnerability exists when the rewrite&nbsp;directive is followed by a rewrite, if, or set&nbsp;directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, for systems with Address Space Layout Randomization (ASLR ) disabled, code execution is possible.&nbsp;</P> <H4 class="title is-size-5" data-v-9ec38c24=""><STRONG data-olk-copy-source="MessageBody">Check Point Statement Regarding NGINX Vulnerability CVE-2026-42945</STRONG></H4> <P class="x_MsoNormal">Check Point is aware of the recently disclosed NGINX vulnerability<SPAN>&nbsp;</SPAN><A id="anchor-0ecd3ee1-85a6-5e7d-727e-e4a27374e783" title="https://www.cve.org/CVERecord?id=CVE-2026-42945" href="https://www.cve.org/CVERecord?id=CVE-2026-42945" target="_blank" rel="noopener" data-linkindex="6" data-auth="NotApplicable">CVE-2026-42945</A><SPAN>&nbsp;</SPAN>affecting the ngx_http_rewrite_module component in certain NGINX configurations. According to the official F5 advisory, the vulnerability may be triggered under specific conditions involving rewrite directives, unnamed PCRE capture groups, and replacement strings containing a question mark (?).</P> <P class="x_MsoNormal">Following internal assessment and validation, Check Point confirms that Check Point-managed NGINX deployments are <STRONG>not affected</STRONG> by this vulnerability. The impacted ngx_http_rewrite_module functionality and vulnerable rewrite configuration pattern are not utilized within the Check Point WAF architecture or request processing flow.</P> <P class="x_MsoNormal">All Check Point-managed NGINX deployments, including<STRONG> CloudGuard WAF SaaS, AppSec Gateway, and Unified Container configurations, are not vulnerable to this CVE</STRONG>. Nevertheless, updated images including NGINX version 1.30.1 will be released shortly as part of our ongoing security and software maintenance process.</P> <P class="x_MsoNormal">Customers independently managing external or customer-owned NGINX infrastructure are strongly encouraged to upgrade their NGINX deployments to version 1.30.1 (or later) in accordance with the vendor’s security guidance and best practices.</P> <P class="x_MsoNormal">Check Point continuously monitors emerging vulnerabilities and security advisories as part of its ongoing product security and hardening processes.</P> <P class="x_MsoNormal">For any questions or additional guidance, please contact your Check Point representative. Check Point remains committed to keeping customers secure and staying ahead of emerging vulnerabilities.</P> <P class="x_MsoNormal" aria-hidden="true">&nbsp;</P> Tue, 19 May 2026 17:18:03 GMT Vani 2026-05-19T17:18:03Z https://community.checkpoint.com/t5/WAF/NGINX-CVE-2026-42945-Check-Point-Managed-NGINX-Deployments-Not/m-p/277141#M406 <H4 class="title is-size-5" data-v-9ec38c24=""><STRONG data-olk-copy-source="MessageBody">Description</STRONG></H4> <P class="content cve-x-scroll" data-v-9ec38c24="">NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module&nbsp;module. This vulnerability exists when the rewrite&nbsp;directive is followed by a rewrite, if, or set&nbsp;directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, for systems with Address Space Layout Randomization (ASLR ) disabled, code execution is possible.&nbsp;</P> <H4 class="title is-size-5" data-v-9ec38c24=""><STRONG data-olk-copy-source="MessageBody">Check Point Statement Regarding NGINX Vulnerability CVE-2026-42945</STRONG></H4> <P class="x_MsoNormal">Check Point is aware of the recently disclosed NGINX vulnerability<SPAN>&nbsp;</SPAN><A id="anchor-0ecd3ee1-85a6-5e7d-727e-e4a27374e783" title="https://www.cve.org/CVERecord?id=CVE-2026-42945" href="https://www.cve.org/CVERecord?id=CVE-2026-42945" target="_blank" rel="noopener" data-linkindex="6" data-auth="NotApplicable">CVE-2026-42945</A><SPAN>&nbsp;</SPAN>affecting the ngx_http_rewrite_module component in certain NGINX configurations. According to the official F5 advisory, the vulnerability may be triggered under specific conditions involving rewrite directives, unnamed PCRE capture groups, and replacement strings containing a question mark (?).</P> <P class="x_MsoNormal">Following internal assessment and validation, Check Point confirms that Check Point-managed NGINX deployments are <STRONG>not affected</STRONG> by this vulnerability. The impacted ngx_http_rewrite_module functionality and vulnerable rewrite configuration pattern are not utilized within the Check Point WAF architecture or request processing flow.</P> <P class="x_MsoNormal">All Check Point-managed NGINX deployments, including<STRONG> CloudGuard WAF SaaS, AppSec Gateway, and Unified Container configurations, are not vulnerable to this CVE</STRONG>. Nevertheless, updated images including NGINX version 1.30.1 will be released shortly as part of our ongoing security and software maintenance process.</P> <P class="x_MsoNormal">Customers independently managing external or customer-owned NGINX infrastructure are strongly encouraged to upgrade their NGINX deployments to version 1.30.1 (or later) in accordance with the vendor’s security guidance and best practices.</P> <P class="x_MsoNormal">Check Point continuously monitors emerging vulnerabilities and security advisories as part of its ongoing product security and hardening processes.</P> <P class="x_MsoNormal">For any questions or additional guidance, please contact your Check Point representative. Check Point remains committed to keeping customers secure and staying ahead of emerging vulnerabilities.</P> <P class="x_MsoNormal" aria-hidden="true">&nbsp;</P> Tue, 19 May 2026 17:18:03 GMT https://community.checkpoint.com/t5/WAF/NGINX-CVE-2026-42945-Check-Point-Managed-NGINX-Deployments-Not/m-p/277141#M406 Vani 2026-05-19T17:18:03Z