{question}
Has SingleStore been affected by the recent NGINX Rift vulnerability (CVE-2026-42945)?
{question}
{answer}
NGINX RIFT is a critical heap buffer overflow vulnerability in NGINX that can lead to memory corruption and potential remote code execution under certain conditions.
Upon evaluating our environment, SingleStore recognized a small number of NGINX instances within our Helios infrastructure that were potentially at risk. We took swift action to remediate the situation, patching all outdated or vulnerable instances to mitigate any exploitation risks. Additionally, while some older instances remained unpatched, they were verified not to utilize the problematic rewrite-rule pattern.
At this time, we have found no evidence of exploitation or unauthorized activity related to this vulnerability in SingleStore environments.
- If you are a SingleStore Helios customer, no action is required from you. All identified Helios infrastructure has already been remediated and secured.
- If you are running SingleStore self-managed / on-premises deployments, this bulletin does not apply, as the affected NGINX components are not part of the supported self-managed product architecture
{answer}