Nginx-poolslip Vulnerability Enables DoS and Code Execution Attacks — Patch Now!
Maxim Dounin
mdounin at mdounin.ru
Mon Jun 15 11:25:42 UTC 2026
Hello!
On Mon, Jun 15, 2026 at 07:57:14AM +0000, Turritopsis Dohrnii Teo En Ming via nginx wrote:
> Here is an article which I would like to share.
>
> Article: Nginx-poolslip Vulnerability Enables DoS and Code Execution Attacks — Patch Now!
> Link: https://cybersecuritynews.com/nginx-poolslip-vulnerability/amp/
In no particular order:
- The "vulnerability" in question requires quite uncommon
configuration with nested rewrite captures. While vulnerable
configurations are theoretically possible, it is highly unlikely
that a particular configuration, even with rewrites being used, is
vulnerable.
- Even if the particular configuration is vulnerable, exploiting it
for anything beyond DoS is, at least, questionable.
- Avoid following the "replace positional captures with named
captures" recommendation without understanding the effects.
When done incorrectly, you are going to introduce response or
request splitting issues in your configuration.
- It is already fixed in freenginx 1.31.2 (mainline) and freenginx
1.30.1 (stable).
Hope this helps.
--
Maxim Dounin
http://mdounin.ru/
More information about the nginx
mailing list