From: nginx security <security@nginx.org>
Date: Wed May 14 2026
Subject: [PATCH] fix: CVE-2026-42945 - Buffer overflow in ngx_http_rewrite_module
Upstream-commit: https://nginx.org/download/nginx-1.30.1.tar.gz
Signed-off-by: infra_team <zhaiwenjie1@huawei.com>

---
 src/http/ngx_http_script.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/http/ngx_http_script.c b/src/http/ngx_http_script.c
--- a/src/http/ngx_http_script.c
+++ b/src/http/ngx_http_script.c
@@ -1202,6 +1202,7 @@ ngx_http_script_regex_end_code(ngx_http_script_engine_t *e)

     r = e->request;

+    e->is_args = 0;
     e->quote = 0;

     ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
                    "http script regex end");

     if (code->redirect) {
--