*) Security: a heap memory buffer overflow might occur in a worker
   process when using a configuration with overlapping captures in
   ngx_http_rewrite_module, potentially resulting in arbitrary code
   execution (CVE-2026-9256).
   Thanks to Mufeed VH of Winfunc Research.