Added virtual patch for CVE-2026-42945 (NGINX Rift)
A critical heap-based buffer overflow vulnerability has been found in ngx_http_rewrite_module of NGINX Open Source and NGINX Plus and has been assigned CVE-2026-42945. Fastly has created a virtual patch for it that is now available within your account. To activate it and add protection to your services, follow the steps for your control panel below.
Next-Gen WAF control panel
- Professional or Premier platform
- Essential platform
Log in to the Next-Gen WAF control panel.
From the Sites menu, select a site if you have more than one site.
- From the Rules menu, select Templated Rules.
- In the search bar, enter
CVE-2026-42945and then click View for the CVE-2026-42945 templated rule. - Click Configure and then Add trigger.
- Select the Block requests from an IP immediately if the CVE-2026-42945 signal is observed checkbox.
- Click Update rule.
Fastly control panel
Log in to the Fastly control panel.
Go to Security > Next-Gen WAF > Workspaces.
- Click Virtual Patches.
- In the search bar, enter
CVE-2026-42945and then click the pencil to the right of the CVE-2026-42945 virtual patch. - From the Status menu, select Enabled.
- (Optional) If your workspace is in blocking mode, choose whether to Block requests or Log requests if the CVE-2026-42945 signal is observed.
- Click Update virtual patch.
Prior change: New Google Cloud Service Extensions integration
Following change: Added virtual patch for CVE-2026-9082 (Unauthenticated SQL Injection in Drupal)
