AI agent finds 18-year-old remote code execution flaw in Nginx (opens in new tab)

Researchers have found a critical vulnerability in the widely used Nginx web server that can potentially lead to remote code execution under certain conditions. The flaw is a heap buffer overflow that has gone undetected in the program’s code for the past 18 years. Tracked as CVE-2026-42945, the vulnerability is one of 4 bugs found in Nginx by researchers from security startup DepthFirst AI, using their LLM-powered platform. It adds to the increasing number of flaws that security scanners and...