Analysis updated 2026-05-18
Check whether a running NGINX server's configuration contains the CVE-2026-42945 risk pattern.
Audit an exported NGINX configuration file for vulnerable rewrite and set directive combinations.
Get a quick version check plus configuration risk report before deciding whether to upgrade NGINX.
Add this scan as a step in a server security review checklist.
| friparia/nginx_rift_scan_cve_2026_42945 | aaravkashyap12/advise-project-approach | abu-rayhan-alif/django-saas-kit | |
|---|---|---|---|
| Stars | 23 | 23 | 23 |
| Language | Python | Python | Python |
| Setup difficulty | easy | easy | moderate |
| Complexity | 2/5 | 2/5 | 3/5 |
| Audience | ops devops | developer | developer |
Figures from each repo's GitHub metadata at analysis time.
May need sudo to read the full NGINX configuration, static scanner only, not an exploit tool.
This is a Python script that scans an NGINX web server's configuration for a specific security vulnerability, CVE-2026-42945, nicknamed NGINX Rift. NGINX is widely used software for serving websites and acting as a reverse proxy, a gateway that routes internet traffic to backend services. The vulnerability involves a particular combination of NGINX configuration directives. When a rewrite rule, which rewrites a URL path, includes a question mark character in the replacement string, and a later directive in the same block references an unnamed pattern capture variable like $1 or $2, a mismatch between how the script engine counts string lengths and how it copies memory can cause a heap buffer overflow, a type of security bug that can allow remote code execution, meaning an attacker running arbitrary commands on the server. The scanner works by running the nginx -T command to dump the full active configuration and then statically checking it for this risky pattern. It reports whether the installed NGINX version falls in the affected range, whether the vulnerable configuration sequence was found, and what action to take. If the pattern is detected, it shows the exact location and surrounding context lines. You run it with a single command, python3 scan_rift.py, adding sudo if elevated permissions are needed to read the configuration. You can also point it at a previously exported configuration file instead of scanning live. The README notes this is a configuration scanner, not an exploit tool. It can produce false positives and should be followed by manual review. It is written in Python, and the README is in Chinese with an English version linked.
A Python scanner that checks an NGINX server's configuration for the risky pattern behind CVE-2026-42945, a known remote code execution vulnerability.
Mainly Python. The stack also includes Python.
Setup difficulty is rated easy, with roughly 5min to a first successful run.
Mainly ops devops.
This repo across BitVibe Labs
Verify against the repo before relying on details.