Security: When using the rewrite directive with a regex containing nested PCRE captures and a replacement string referencing multiple such captures, an attacker, given conditions beyond the attacker's control, could cause a worker process crash, or, on systems without address space layout randomization, arbitrary code execution (CVE-2026-9256); the fix was ported from nginx 1.31.1.
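
A configuration audit for the directive shape described above, added here as an example and not code from nginx or from this project: it reports `rewrite` lines whose regex has a capture nested inside another capture and whose replacement references two or more numbered captures. The function names, the one-directive-per-line parsing and the sample configuration are assumptions of this example; a reported line is a candidate for review, not proof that the crash condition is reachable.

```python
import re

TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|\'(?:\\.|[^\'\\])*\'|[^\s;]+')
NAMED = re.compile(r"\?(P?<[^=!]|')")   # (?<n>..), (?P<n>..), (?'n'..) capture; (?<=..) does not

def capture_depths(pattern):
    """Nesting depth of each capturing group in a PCRE pattern (1 = not nested)."""
    depths, stack, i, in_class = [], [], 0, False
    while i < len(pattern):
        c = pattern[i]
        if c == "\\":                       # escaped char such as \( or \]
            i += 2
            continue
        if in_class:
            in_class = c != "]"
        elif c == "[":                      # parens inside [...] are literals
            in_class = True
            i += 2 if pattern[i + 1:i + 2] == "^" else 1
            i += pattern[i:i + 1] == "]"    # a leading ']' is a literal too
            continue
        elif c == "(":
            head = pattern[i + 1:i + 5]
            capturing = not head.startswith(("?", "*")) or bool(NAMED.match(head))
            stack.append(capturing)
            if capturing:
                depths.append(sum(stack))   # capturing ancestors, itself included
        elif c == ")" and stack:
            stack.pop()
        i += 1
    return depths

def risky_rewrites(config_text):
    """Return (line number, regex, referenced captures) for rewrites matching the advisory."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        tokens = TOKEN.findall(line)
        if len(tokens) < 3 or tokens[0] != "rewrite":
            continue                        # also skips comments: their first token is '#'
        regex, replacement = (t.strip("\"'") for t in tokens[1:3])
        refs = sorted(set(re.findall(r"\$(\d)", replacement)))
        if max(capture_depths(regex), default=0) >= 2 and len(refs) >= 2:
            findings.append((lineno, regex, refs))
    return findings

# Constructed sample configuration, not taken from any real deployment.
SAMPLE = r'''rewrite ^/users/(.*)$ /show?user=$1 last;
rewrite ^/((\w+)/(\d+))/?$ /item?path=$1&kind=$2&id=$3 last;
rewrite "^/dl/((\d{4})-(\d{2}))$" /archive/$2/$3 permanent;
rewrite ^/one/((a)b)$ /only/$1 last;'''
```

Calling `risky_rewrites(SAMPLE)` reports lines 2 and 3 of the sample; directives split across lines and files pulled in by `include` are outside what this check reads.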