Customers using TKGi or TKGIMC may be concerned about security vulnerability CVE-2026-42945. Security scanners may flag the NGINX rewrite module ngx_http_rewrite_module as potentially allowing remote attackers to execute arbitrary code.

TKGi and TKGIMC

CVE-2026-42945 is a vulnerability identified in the ngx_http_rewrite_module of certain NGINX versions. It involves how rewrite rules are processed, which could theoretically be exploited for remote code execution.

Neither TKGi or TKGIMC are impacted by CVE-2026-42945.

TKGi is not bundled with Nginx.

TKGIMC is bundled with Nginx but ngx_http_rewrite_module module is not used.

For any TKGI workloads using Bitnami Nginx, please upgrade Nginx images or helm charts

https://community.broadcom.com/tanzu/blogs/beltran-rueda-borrego/2026/05/14/critical-nginx-rce-vulnerability-cve-2026-42945