NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE

A newly disclosed security flaw impacting NGINX Plus and NGINX Open has come under active exploitation in the wild, days after its public disclosure, according to VulnCheck.
The vulnerability, tracked as CVE-2026-42945 (CVSS score: 9.2), is a heap buffer overflow in ngx_http_rewrite_module affecting NGINX versions 0.6.27 through 1.30.0. According to AI-native security company depthfirst, the vulnerability was introduced in 2008.
Successful exploitation of the flaw can permit an unauthenticated attacker to crash ....
https://thehackernews.com/2026/05/nginx-cve-2026-42945-exploited-in-wild.html


Comments
NGINX Rift attackers waste no time targeting exposed servers
Researchers say 18-year-old flaw already being probed and exploited just days after disclosure
Exploit attempts are already hammering a newly disclosed NGINX bug dubbed "NGINX Rift," proving once again that attackers read patch notes faster than most admins.
Researchers at VulnCheck said they are seeing active exploitation tied to CVE-2026-42945, a heap buffer overflow flaw affecting both NGINX Open Source and NGINX Plus that was disclosed last week after apparently sitting unnoticed for 18 years.
VulnCheck's Patrick Garrity said the company observed exploitation activity on its canary systems "just days after the CVE was published." ...
https://www.theregister.com/security/2026/05/18/nginx-rift-attackers-waste-no-time-targeting-exposed-servers/5241851
It was discussed here:
https://lowendtalk.com/discussion/217261/nginx-rift-critical-vulnerability-cve#latest
There's a script you can run against your configuration to check vulnerability. Also, Debian released patches 2 days ago.
https://security-tracker.debian.org/tracker/CVE-2026-42945