NGINX

vrelease-1.31.1 scope: release Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 12d Reverse Proxies & Load Balancers

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 1 known CVE

Topics

content-cache http http2 http3 https load-balancing

+9 more

mail-proxy-server nginx quic proxy security tcp-proxy-server tls udp-proxy-server web-server

Affected surfaces

rce_ssrf

ReleasePort's take

Light signal

editorial:auto 12d

Nginx release 1.31.1 patches a CVE‑2026‑9256 buffer overflow in ngx_http_rewrite_module.

Why it matters: Patch immediately if using ngx_http_rewrite_module to prevent remote code execution (CVE severity high).

Summary

AI summary

Fixes a CVE‑2026‑9256 buffer overflow vulnerability in ngx_http_rewrite_module.

Changes in this release

Type	Severity	Summary	CVE
Security	Medium	Fixes buffer overflow vulnerability in ngx_http_rewrite_module (CVE-2026-9256). Fixes buffer overflow vulnerability in ngx_http_rewrite_module (CVE-2026-9256). Source: llm_adapter@2026-05-22 Confidence: low	—
Security	Medium	Fixes buffer overflow with overlapping captures in Rewrite module (CVE-2026-9256). Fixes buffer overflow with overlapping captures in Rewrite module (CVE-2026-9256). Source: llm_adapter@2026-05-22 Confidence: low	—
Feature	Medium	Updates release metadata for nginx-1.31.1 by @pluknet. Updates release metadata for nginx-1.31.1 by @pluknet. Source: llm_adapter@2026-05-22 Confidence: low	—
Bugfix
Bugfix	Medium	Avoids adding or comparing to null pointer in MP4 handling. Avoids adding or comparing to null pointer in MP4 handling. Source: llm_adapter@2026-05-22 Confidence: high	—
Bugfix	Medium	Fixes mail error path issues. Fixes mail error path issues. Source: llm_adapter@2026-05-22 Confidence: high	—
Bugfix	Medium	Hardens escape flags control in Rewrite module. Hardens escape flags control in Rewrite module. Source: llm_adapter@2026-05-22 Confidence: high	—
Bugfix	Medium	Fixes set-creation-date.yaml workflow. Fixes set-creation-date.yaml workflow. Source: llm_adapter@2026-05-22 Confidence: low	—
Bugfix	Medium	Limits Content-Type and Location response header length for HTTP/2. Limits Content-Type and Location response header length for HTTP/2. Source: llm_adapter@2026-05-22 Confidence: low	—

Full changelog

nginx-1.31.1 mainline version has been released, with a fix for buffer overflow vulnerability in the ngx_http_rewrite_module (CVE-2026-9256).

See official CHANGES on nginx.org.

Below is a release summary generated by GitHub.

What's Changed

Fix the set-creation-date.yaml workflow by @ac000 in https://github.com/nginx/nginx/pull/1353
Mp4: avoid adding or comparing to null pointer by @arut in https://github.com/nginx/nginx/pull/1360
HTTP/2: limit Content-Type and Location response header length by @arut in https://github.com/nginx/nginx/pull/1359
Mail error path fixes by @arut in https://github.com/nginx/nginx/pull/1358
Rewrite: harden escape flags control by @arut in https://github.com/nginx/nginx/pull/1381
Rewrite: fix buffer overflow with overlapping captures by @arut in https://github.com/nginx/nginx/pull/1395
nginx-1.31.1-RELEASE by @pluknet in https://github.com/nginx/nginx/pull/1396

Full Changelog: https://github.com/nginx/nginx/compare/release-1.31.0...release-1.31.1

Security Fixes

CVE-2026-9256 — buffer overflow in ngx_http_rewrite_module

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track NGINX

Get notified when new releases ship.

About NGINX

HTTP and reverse proxy server, mail proxy server, and generic TCP/UDP proxy server.

NGINX

ReleasePort's take

Summary

Changes in this release

What's Changed

Security Fixes

Related context

Related tools

Related CVEs