diff --git a/docker-compose.yml b/docker-compose.yml
index 2ac73d0..ea8ea1a 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -380,7 +380,9 @@ services:
       retries: 3
 
   frontend:
-    image: nginx:alpine
+    # CVE-2026-42945 (NGINX Rift, ngx_http_rewrite_module heap overflow, CVSS 9.2)
+    # 대응: 미고정 nginx:alpine → 패치 stable 버전 고정 (fix in 1.30.1 / 1.31.0)
+    image: nginx:1.30.1-alpine
     container_name: frontend
     restart: unless-stopped
     depends_on: