TECHNICAL IMPACT STATEMENT: SWP/Deep Security 20.x for CVE-2026-42925 (NGINX Rift)

Product / Version includes:

Deep Security 20.0

Last updated: 2026/05/26

Solution ID: KA-0023439

Category:

Summary

This article serves as an official communication from TrendAI regarding the technical impact of the following vulnerability as it relates to Server and Workload Protection (SWP) and Deep Security 20.x and the NGINX Rift vulnerability (CVE-2026-42925).

Technical Analysis by CVE

1. CVE-2026-42945: NGINX ngx_http_rewrite_module vulnerability

CVSSv3.1 8.1 (High Severity)
Deep Security/SWP: Based on the analysis of the vulnerability by the TrendAI development team, it has been confirmed that SWP/Deep Security is not affected or impacted by this vulnerability because although the product uses NGINX, TrendAI's configuration does not use the affected rewrite/if/set directives with $N capture references. Even though the product is not affected by this particular vulnerability, the NGINX components are scheduled to be updated in the June 2026 Deep Security Agent (DSA).
Endpoint Basecamp: Based on the analysis of the vulnerability by the TrendAI development team, it has been confirmed that Endpoint Basecamp is not affected or impacted by this vulnerability because the specific conditions required to trigger the vulnerability do not exist in the product configuration. Even though the product is not affected by this particular vulnerability, the NGINX components are scheduled to be updated in the July Basecamp as part of a pre-scheduled refresh.

Was this article helpful?

Featured

Automation Center

Education Portal

Online Help Center

Service Status

TrendConnect

TECHNICAL IMPACT STATEMENT: SWP/Deep Security 20.x for CVE-2026-42925 (NGINX Rift)

Technical Analysis by CVE

TECHNICAL IMPACT STATEMENT: SWP/Deep Security 20.x for CVE-2026-42925 (NGINX Rift)

Product / Version includes:

Summary

Technical Analysis by CVE