Tag

#nginx

3 posts tagged #nginx.

Field Note · May 28, 2026 · Colten Anderson

NGINX Rift: four places apt upgrade doesn't reach

The host patch for CVE-2026-42945 shipped on day one. The container images, the App Protect WAF in front of it, the downstream forks, and the config audit it leaves behind are separate jobs.
Analysis · May 28, 2026 · Colten Anderson

Ingress-nginx got archived in March. The first critical CVE arrived in May.

The Kubernetes community archived ingress-nginx seven weeks before an 18-year-old heap overflow dropped in the NGINX core it ships. The fix path is now a migration project, not a patch.
Analysis · May 20, 2026 · Colten Anderson

PHP-FPM CVE-2019-11043: an RCE that depended on a copy-pasted nginx config

CVE-2019-11043 is a remote code execution bug in PHP-FPM, but it only fires on a specific nginx configuration, one that circulated widely in tutorials and got copy-pasted into production everywhere. The bug is in the code; the exposure came from a config snippet.