Skip to content
Verified reproduction

REPRO-2026-00228: nginx charset module segfaults when charset_map uses utf-8 as source charset, causing a NULL pointer dereference and DoS.

REPRO-2026-00228 is verified against nginx · generic affected versions: < 29c23ad846787e8baa1390b2edca479eb63ea8d7 (exact releases not specified) fixed version: 29c23ad846787e8baa1390b2edca479eb63ea8d7 This high reproduction includes runnable sandbox proof, artifacts, and a plain-text agent view under REPRO-2026-00228.

REPRO-2026-00228 nginx · generic Jul 4, 2026 .txt
Severity HIGH
Confidence HIGH
Reproduced in 9m 18s
Tool calls 99
Spend $1.60
Affected < 29c23ad846787e8baa1390b2edca479eb63ea8d7 (exact releases not specified)
Fixed in 29c23ad84678
$ pruva-verify REPRO-2026-00228
or curl -O https://pruva.dev/api/v1/reproductions/REPRO-2026-00228/artifacts/bundle/repro/reproduction_steps.sh && chmod +x reproduction_steps.sh && ./reproduction_steps.sh
Run in a VM or disposable container. This exploits a real vulnerability.
02 · The vulnerability

A misconfigured charset_map directive with utf-8 as the source charset (first column) causes nginx to dereference a NULL pointer and segfault during request processing. The charset module was never designed to handle UTF-8 as a source charset in charset_map; accessing uninitialized tables leads to an immediate worker process crash.

03 · Root cause
04 · Reproduction transcript

The agent's step-by-step process — every tool call, every handoff, the moment the exploit fired. Phases: support triages the advisory · repro reproduces it · vuln_variant confirms the fix blocks it · judge verifies.

Loading session...

05 · Artifacts

Scripts, logs, diffs, and output captured during the reproduction.