Situation
Security vulnerabilities tied to the ea-nginx ngx_http_rewrite_module (CVE-2026-9256) have been discovered.
Impact
We are releasing a security update to update ea-nginx to version 1.31.1 to address these vulnerabilities.
Note: Please see the latest EasyApache4 changelogs for version information:
https://docs.cpanel.net/changelogs/easyapache-4-change-log-25/
Update: EA-nginx v1.31.1 has been released.
2026 May 22
ea-nginx
EA-13448: Update ea-nginx from v1.31.0 to v1.31.1.
(CVE-2026-9256) Security: Remote code execution via worker process memory pool handling (nginx-poolslip).
ea-nginx-passenger
EA-13443: Update ea-nginx-passenger from v6.1.2 to v6.1.3.
Call to Action
You can confirm if ea-nginx is installed and updated to the latest version with the following commands:
# dnf list installed ea-nginx
If ea-nginx is installed, but not updated, you can use the following command to proceed with that update:
# dnf update
# apt policy ea-niginx
If they are installed, there will be a specified version in the "Installed" field, as shown below:
CONFIG_TEXT: # apt policy ea-nginx
ea-nginx:
Installed: 1.31.0-1+3.2.cpanel
Candidate: 1.31.0-1+3.2.cpanel
If the Installed field shows "(none)" the package is not installed.
If ea-nginx is installed, but is not updated, you can use the following command to perform the update and upgrade:
# apt update && apt upgrade
Comments
0 comments
Article is closed for comments.