depthfirst.com

Nginx Rift: RCE via heap buffer overflow in rewrite module (CVE-2026-42945) (opens in new tab)

Covered by 6 sources See all sources covering this story including Comments on:, heise onlineDiscussed on Hacker News and Hacker News

An 18 year old memory corruption flaw in NGINX Plus and NGINX Open Source lets an unauthenticated attacker crash worker processes or execute remote code with crafted HTTP requests.

Read the original article
Sign in to keep reading the full article.
Sign UpLog In

Covered in 6 articles

Comments on:·

Hackers Actively Exploit ‘Nginx Rift’ Vulnerability Affecting NGINX, F5 Products

Feeds
The Hacker News·

18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE

Feeds
Malware Analysis, News and Indicators·

NGINX Rift (CVE-2026-42945): An 18-Year-Old Vulnerability That Lets Anyone Take Over Your Web Server

Feeds
View all 6 ›

Keyboard Shortcuts

Navigation

Next / previous post
j/k
Open post
oorEnter
Preview post
v

Post Actions

Love post
a
Like post
l
Dislike post
d
Undo reaction
u
Save / unsave
s

Recommendations

Add interest / feed
Enter
Not interested
x

Go to

Home
gh
Interests
gi
Feeds
gf
Likes
gl
History
gy
Changelog
gc
Settings
gs
Discover
gb
Search
/

General

Show this help
?
Submit feedback
!
Close modal / unfocus
Esc

Press ? anytime to show this help