# NGINX Rift — CVE-2026-42945 / CVE-2026-9256 漏洞扫描与验证工具
项目地址：https://github.com/nu0l/NGINX-Rift
[](https://github.com/nu0l/NGINX-Rift/tree/main#nginx-rift--cve-2026-42945--cve-2026-9256-%E6%BC%8F%E6%B4%9E%E6%89%AB%E6%8F%8F%E4%B8%8E%E9%AA%8C%E8%AF%81%E5%B7%A5%E5%85%B7)

[![Go](https://camo.githubusercontent.com/0f07ccb3981de6d8a663b56e62955b687f2fee3732fa530bcc22cb7a48d2cb02/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c616e67756167652d476f2d3030414444383f7374796c653d666c61742d737175617265266c6f676f3d676f)](https://camo.githubusercontent.com/0f07ccb3981de6d8a663b56e62955b687f2fee3732fa530bcc22cb7a48d2cb02/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c616e67756167652d476f2d3030414444383f7374796c653d666c61742d737175617265266c6f676f3d676f) [![CVE-2026-42945 | CVE-2026-9256](https://camo.githubusercontent.com/d64206037037a108aae712d784d79c88a6a9d64438d9924833f0601236ee74ff/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f4356452d2d323032362d2d34323934352532302537432532304356452d2d323032362d2d393235362d7265643f7374796c653d666c61742d737175617265)](https://camo.githubusercontent.com/d64206037037a108aae712d784d79c88a6a9d64438d9924833f0601236ee74ff/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f4356452d2d323032362d2d34323934352532302537432532304356452d2d323032362d2d393235362d7265643f7374796c653d666c61742d737175617265) [![License](https://camo.githubusercontent.com/ac049ef4e7a0b7196b09add6ac2d4f180e544c0ac779c2b2ac2fd2723a209579/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c6963656e73652d4d49542d626c75653f7374796c653d666c61742d737175617265)](https://camo.githubusercontent.com/ac049ef4e7a0b7196b09add6ac2d4f180e544c0ac779c2b2ac2fd2723a209579/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c6963656e73652d4d49542d626c75653f7374796c653d666c61742d737175617265) [![Platform](https://camo.githubusercontent.com/211d365433cd4f086fc28b395f52ed3e8180e5932917fb6e54ffdf713d4e111d/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f706c6174666f726d2d57696e646f77732532302537432532304c696e75782532302537432532306d61634f532d6c69676874677265793f7374796c653d666c61742d737175617265)](https://camo.githubusercontent.com/211d365433cd4f086fc28b395f52ed3e8180e5932917fb6e54ffdf713d4e111d/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f706c6174666f726d2d57696e646f77732532302537432532304c696e75782532302537432532306d61634f532d6c69676874677265793f7374796c653d666c61742d737175617265)

NGINX Rift 是一款针对 **CVE-2026-42945** 和 **CVE-2026-9256**（NGINX `ngx_http_rewrite_module` 堆溢出漏洞）的开源扫描与验证工具。支持远程网络指纹扫描和本地深度配置审计，帮助安全团队快速排查 NGINX 环境中的潜在风险。

## 漏洞概述

[](https://github.com/nu0l/NGINX-Rift/tree/main#%E6%BC%8F%E6%B4%9E%E6%A6%82%E8%BF%B0)

### CVE-2026-9256 (CVSS 4.0: 9.2 Critical)

| 属性     | 详情                                                              |
|--------|-----------------------------------------------------------------|
| CVE 编号 | CVE-2026-9256                                                   |
| 漏洞类型   | 堆缓冲区溢出 (Heap-based Buffer Overflow, CWE-122)                    |
| 影响组件   | NGINX ngx_http_rewrite_module                                   |
| 影响版本   | NGINX 开源版 0.1.17 ~ 1.31.0 (mainline) / 0.1.17 ~ 1.30.1 (stable) |
| 修复版本   | NGINX 1.31.1 (mainline) / 1.30.2 (stable)，发布于 2026-05-22        |
| 危害等级   | 高危 — 可导致拒绝服务 (DoS)，ASLR 关闭时可实现远程代码执行 (RCE)                      |

## 功能特性

[](https://github.com/nu0l/NGINX-Rift/tree/main#%E5%8A%9F%E8%83%BD%E7%89%B9%E6%80%A7)

*   **远程扫描模式 (Scan)** — 通过 HTTP 响应头指纹识别 NGINX 版本，支持单目标和批量扫描
*   **本地验证模式 (Verify)** — 三步立体审计：二进制版本检测 → 配置文件语义分析 → K8s Ingress 资源探测
*   **OS 补丁回溯检测** — 联动 `dpkg`/`rpm` 包管理器，检测发行版是否已通过 Backport 修复漏洞
*   **K8s 云原生支持** — 自动发现 Kubernetes Ingress 资源中的危险 `rewrite-target` 注解
*   **零依赖** — 纯 Go 标准库实现，单文件编译，无第三方依赖
*   **跨平台** — 支持 Windows / Linux / macOS (amd64 + arm64)

CVE-2026-42945漏扫验证