Resolved CVE-2026-9256 NGINX ngx_http_rewrite_module vulnerability

devnull · May 23, 2026

See https://www.cve.org/CVERecord?id=CVE-2026-9256 . I saw that Cpanel already fixed the issue https://support.cpanel.net/hc/en-us...ea-nginx-v1-31-1-Security-Release-May-22-2026

When does Plesk?

Sebahat.hadzhi · May 26, 2026

@devnull , thank you for the question. A hotfix is in progress, and the update will be released for Plesk Obsidian 18.0.77 and 18.0.78. The ETA is 27-28th of May.

Franchino · May 26, 2026

Plesk Obsidian 18.0.78 Update 2

Changes in Third-Party Components

Updated nginx and the sw-cp-server service to version 1.30.2.

https://docs.plesk.com/release-notes/obsidian/change-log/#plesk-18078-mu2

Daveo · May 27, 2026

Also, for 18.0.77 users...

Plesk Obsidian 18.0.77 Update 4

27 May 2026

Changes in Third-Party Components

Linux

Updated nginx and the sw-cp-server service to version 1.30.2.

https://docs.plesk.com/release-notes/obsidian/change-log/?18077#plesk-18077-mu4

Resolved CVE-2026-9256 NGINX ngx_http_rewrite_module vulnerability

devnull

New Pleskian

Sebahat.hadzhi

Community Manager

Franchino

New Pleskian

Daveo

Regular Pleskian

Plesk Obsidian 18.0.77 Update 4

Changes in Third-Party Components

Linux

Similar threads

Resolved CVE-2026-9256 NGINX ngx_http_rewrite_module vulnerability

devnull

New Pleskian

Sebahat.hadzhi

Community Manager

Franchino

New Pleskian

Daveo

Regular Pleskian

Plesk Obsidian 18.0.77 Update 4​

Changes in Third-Party Components​

Linux​

Similar threads

Plesk Obsidian 18.0.77 Update 4

Changes in Third-Party Components

Linux