NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE

📅 17 May 2026 at 11:57 UTC📰 The Hacker NewsView original source ↗

A newly disclosed security flaw impacting NGINX Plus and NGINX Open has come under active exploitation in the wild, days after its public disclosure, according to VulnCheck. The vulnerability, tracked as CVE-2026-42945 (CVSS score: 9.2), is a heap buffer overflow in ngx_http_rewrite_module affecting NGINX versions 0.6.27 through 1.30.0. According to AI-native security company depthfirst, the

Read the full article

This is a curated summary. The complete article is available at The Hacker News.

Read on The Hacker News ↗

← Back to feed