Nginx-poolsip: new RCE 0-day and ASLR bypass in mainline Nginx
A new RCE vulnerability, known as nginx-poolsip, has been discovered in the latest release of Nginx, version 1.31.0. This vulnerability allows for remote code execution and has been found to bypass ASLR. A full technical writeup of the vulnerability and its bypass will be released 30 days after the patch is made available.
- ▪Nginx-poolsip is a new RCE vulnerability in Nginx version 1.31.0.
- ▪The vulnerability allows for remote code execution and bypasses ASLR.
- ▪A full technical writeup will be released 30 days after the patch is made available.
Opening excerpt (first ~120 words) tap to expand
Nebula Security@nebusecurityIntroducing nginx-poolslip, a fresh RCE for the the latest nginx release 1.31.0. nginx-rift has been patched, but our security agent Vega has found a new 0 day. We will release the full technical writeup with ASLR bypass 30 days after the patch on nebusec.ai.00:0012:10 PM · May 20, 2026481.4KViews:host{display:inline-block;direction:ltr;white-space:nowrap;line-height:1}span{display:inline-block}:host([data-will-change]) span{will-change:transform}.number,.digit{padding:round(nearest, calc(var(--number-flow-mask-height, 0.25em) / 2), 1px) 0}.symbol{white-space:pre}28:where(number-flow-react){line-height:1}number-flow-react > span{font-kerning:none;display:inline-block;padding:calc(round(nearest, calc(var(--number-flow-mask-height, 0.25em) / 2), 1px) * 2)…
Excerpt limited to ~120 words for fair-use compliance. The full article is at X (formerly Twitter).