NGINX Rift (CVE-2026-42945)

steko · May 14, 2026, 11:45am

What type of hardware are you using: VPS bought online
What YunoHost version are you running: 12.1.39
How are you able to access your server: The webadmin
SSH
Are you in a special context or did you perform specific tweaking on your YunoHost instance ?: no

Describe your issue

I see there is a CVE for Nginx versions up to 1.30 called “Nginx rift” NGINX Rift and the current version in Yunohost seems to fall into the affected range.

nginx          1.22.1-9+deb12u4

I can’t verify if there are rewrite rules that make my Yunohost vulnerable, but I’d like to be safe and ask.

Share relevant logs or error messages

.

tituspijean · May 14, 2026, 8:11pm

YunoHost does not set the NGINX version, so we are dependent on the Debian updates.

So far there are none. You can check the following page: CVE-2026-42945

mobi0001 · May 15, 2026, 5:27pm

@tituspijean Yes, but are there any setups which YNH does for its own setups, that we need to change or work on to be safe till Debian releases the fix?