# Angie and Angie PRO updated to version 1.11.6

*25.05.2026*

A maintenance release of Angie and Angie PRO 1.11.6 has been published,
porting a fix for the CVE-2026-9256 vulnerability in the [rewrite](https://en.angie.software//angie/docs/configuration/modules/http/http_rewrite.md#id4)
directive, discovered in nginx the day before.

Maintenance releases of Angie and its commercial version Angie PRO — 1.11.6 —
have been published, porting a fix for the
[CVE-2026-9256](https://nvd.nist.gov/vuln/detail/CVE-2026-9256)
vulnerability discovered in nginx the day before.

The vulnerability can occur when the [rewrite](https://en.angie.software//angie/docs/configuration/modules/http/http_rewrite.md#id4) directive is used in
the configuration with regular expressions containing nested captures,
such as `rewrite ^/((.*))$ http://127.0.0.1:8080/?$1$2;`.

More details about the changes:

- [Changes in Angie 1.11.6](https://en.angie.software/angie/docs/oss_changes/#angie-1-11-6)
- [Changes in Angie PRO 1.11.6](https://en.angie.software/angie/docs/pro_changes/#angie-pro-1-11-6)

Have a great day!