Critical bug in F5 NGINX actively exploited | news
Source: Scworld
Published:
<p>A critical CVSS v4.0 9.2 bug affecting F5’s NGINX Plus and NGINX Open Source was exploited in the wild.</p> <p>The flaw — CVE-2026-42945 — was described as a heap buffer overflow in the ngx_http_rewrite_module component that’s lurked in NGINX code since 2008.</p> <p>VulnCheck security researcher