{"uuid": "6ab8f904-e88b-4603-90b6-a99a3f12ed6a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-9256", "type": "seen", "source": "https://mstdn.social/users/jschauma/statuses/116620852119462759", "content": "The previous announced sibling vulnerability to \"nginx rift\" has been fixed by F5 and has been assigned CVE-2026-9256):\nhttps://my.f5.com/manage/s/article/K000161377\nThis was previously called \"nginx-poolslip\" (https://nitter.net/nebusecurity/status/2057071579876753643) and is a DoS with possible RCE (\"if the attacker can bypass ASLR\" - not sure how?), using a similar regex capture vector.\nWouldn't be surprised if this is the new norm: one vuln lands, everybody points their AI at that attack vector and discovers sibling vulns.", "creation_timestamp": "2026-05-22T23:36:24.040138Z"}