Nginx-poolslip Flaw Exposes Servers to DoS and Code Execution Attacks
ID: 7f3f5346-fe27-5839-b99b-a55ff6474803
STIX ID: report--7f3f5346-fe27-5839-b99b-a55ff6474803
Feed Name: GBHackers
**Nginx-poolslip (CVE-2026-9256)**: A critical heap-based buffer overflow in NGINX's ngx_http_rewrite_module, caused by ambiguous/overlapping PCRE capture groups, can be triggered remotely to cause worker crashes (DoS) and, under certain conditions, remote code execution. It affects NGINX Open Source 1.0.0–1.30.1 and NGINX Plus 37.0.0, and is patched in 1.30.2/1.31.1 and 37.0.1.1. Guidance is to upgrade, audit rewrite rules (use named captures), and enable mitigations such as ASLR.
