CVE-2026-42533 is a heap buffer overflow vulnerability in NGINX Plus and NGINX Open Source affecting configurations that use the map directive with regex matching. The flaw occurs when a string expression references the map directive's regex capture variables before referencing the map output variable. The same unsafe state can also be reached under certain conditions when a non-cacheable variable is used in a string expression. A remote unauthenticated attacker can trigger the issue by sending crafted HTTP requests that exercise the vulnerable configuration path. Successful triggering causes memory corruption in the NGINX worker process and can lead to worker restart. In environments where Address Space Layout Randomization is disabled, or where an attacker can bypass ASLR, the memory corruption may be exploitable for code execution. The exposure is limited to the data plane and does not affect the control plane.
Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.
What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.
What an attacker gets, and what they’ve been doing with it.
If you can’t patch tonight, do this now.
Patch, then assume compromise.
No valid public exploits. Mallory filtered out 1 candidate as fakes, detection scripts, or README-only repos.
All candidate exploits were filtered out by Mallory's validation.
11 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
A heap buffer overflow in NGINX's map directive regex handling that can let unauthenticated attackers crash worker processes and potentially achieve arbitrary code execution.
A heap buffer overflow vulnerability in NGINX Plus and NGINX Open Source involving map directive regex matching and variable reference ordering, which can be triggered via crafted HTTP requests to cause denial of service and potentially remote code execution.
Уязвимость в nginx, связанная с обработкой директивы map и regex-capture references, которая может приводить к обращению к неинициализированной памяти и удалённому отказу в обслуживании через специально сформированный HTTP-запрос.
Критическая уязвимость в nginx, связанная с директивой map и использованием ссылок на захваченные группы регулярных выражений, которая может приводить к обращению к неинициализированной памяти и потенциальному удалённому выполнению кода.
Query your assets running an affected version, and investigate the blast radius.
Every observed campaign linking this CVE to a named adversary.
Malware families riding this exploit, with evidence and IOCs.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Cross-references every affected SKU, including bundled OEM variants.
Community discussion across Reddit, Mastodon, and other social sources.