Awaiting Analysis: kusanagi-nginx130 Security Update

Security Advisory

Synopsis

Issued 2026-05-25
Severity Awaiting Analysis
Updated Packages kusanagi-nginx130
Affected Products Business Edition, KUSANAGI 9, Security Edition

Description

An update for kusanagi-nginx130 is now available.

Security fix(es):

  • Security: a heap memory buffer overflow might occur in a worker process when using a configuration with overlapping captures in ngx_http_rewrite_module, potentially resulting in arbitrary code execution (CVE-2026-9256). Thanks to Mufeed VH of Winfunc Research.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE information may not yet be available on those websites.

References

Updated packages listed below

This product uses the NVD API but is not endorsed or certified by the NVD.

kusanagi-nginx130 Module Update 1.30.2-1

Share:

KUSANAGI Open Source Licenses | KUSANAGI Business Edition, Premium Edition, Security Edition End-User License Agreement

KUSANAGI Logo and Mascots | Privacy Policy | Vulnerability Disclosure Policy | Contact US

© 2015 - 2026 GMO Prime Strategy Co., Ltd. All rights reserved