Critical NGINX Vulnerability CVE-2026-42945 Exposes Millions to RCE and DoS Attacks
Severity: High (Score: 78.8)
Sources: almalinux.org, Bleepingcomputer, nvd.nist.gov, Securityaffairs.Co, Ubuntu
Summary
A critical vulnerability, CVE-2026-42945, has been discovered in the NGINX web server's ngx_http_rewrite_module, allowing unauthenticated attackers to execute remote code or crash servers. This heap-based buffer overflow has existed for 18 years, affecting all versions from 0.6.27 to 1.30.0. Attackers can exploit this flaw by sending specially crafted HTTP requests, particularly in configurations using unnamed PCRE captures followed by certain directives. The vulnerability has been rated with a CVSS score of 9.2, indicating its critical nature. Emergency patches have been released, but the exploit is already public, raising concerns about imminent attacks. Organizations running NGINX are urged to update their systems immediately to mitigate risks. The vulnerability is particularly dangerous for internet-facing servers with non-trivial rewrite rules.
Key Points:
- CVE-2026-42945 allows remote code execution and denial of service via crafted HTTP requests.
- The vulnerability affects all NGINX versions from 0.6.27 to 1.30.0 and has existed for 18 years.
- Emergency patches have been released, but public proof-of-concept exploits are already available.
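The summary ties exposure to two things a defender can check locally: the running NGINX version falling inside 0.6.27 to 1.30.0, and rewrite rules that use unnamed PCRE captures. The following Python script is an added triage helper, not code from the advisory or from the NGINX project. It parses the version string that `nginx -v` prints, tests it against the affected range stated above, and scans a configuration file for `rewrite` and regex `location` directives whose pattern contains unnamed capturing groups. The sample configuration is constructed for the example; which directives following a capture actually trigger the flaw is not stated on the page, so the scan flags every unnamed capture for manual review rather than claiming any line is exploitable.

```python
import re
import subprocess

# Affected range as stated in the advisory summary (inclusive on both ends).
AFFECTED_MIN = (0, 6, 27)
AFFECTED_MAX = (1, 30, 0)

# Constructed sample nginx configuration for the example; not taken from the page.
SAMPLE_CONFIG = """
server {
    listen 80;
    location ~ ^/old/(.*)$ {
        rewrite ^/old/(.*)$ /new/$1 permanent;
    }
    location ~ ^/api/(?<ver>v\\d+)/ {
        proxy_pass http://backend;
    }
    rewrite ^/legacy/([a-z]+)/([0-9]+)$ /item?name=$1&id=$2 last;
}
"""

# A '(' that is not escaped and not followed by '?' opens a plain, unnamed
# capturing group; '(?<name>...)' and '(?:...)' are deliberately excluded.
UNNAMED_CAPTURE = re.compile(r"(?<!\\)\((?!\?)")

# Directives whose first argument is a PCRE pattern: 'rewrite <regex> ...'
# and 'location ~ <regex>' / 'location ~* <regex>'.
DIRECTIVE_RE = re.compile(r"^\s*(rewrite|location)\s+(?:~\*?\s+)?(\S+)")


def parse_version(text):
    """Extract (major, minor, patch) from 'nginx version: nginx/1.24.0' or 'nginx/1.24.0'."""
    m = re.search(r"nginx/(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError("no nginx version string found in: %r" % text)
    return tuple(int(x) for x in m.groups())


def version_in_affected_range(version):
    """True if the version lies inside the range the advisory names."""
    return AFFECTED_MIN <= tuple(version) <= AFFECTED_MAX


def installed_version():
    """Run 'nginx -v' (it prints to stderr) and parse the result; None if nginx is absent."""
    try:
        proc = subprocess.run(["nginx", "-v"], capture_output=True, text=True)
    except FileNotFoundError:
        return None
    return parse_version(proc.stderr + proc.stdout)


def find_unnamed_capture_rules(config_text):
    """Return [(line_no, directive, regex, unnamed_capture_count)] for rules worth reviewing."""
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), start=1):
        m = DIRECTIVE_RE.match(line)
        if not m:
            continue
        directive, pattern = m.group(1), m.group(2)
        count = len(UNNAMED_CAPTURE.findall(pattern))
        if count:
            findings.append((line_no, directive, pattern, count))
    return findings


def triage(config_text, version=None):
    """Combine both checks into a small report dict for the operator."""
    return {
        "version": version,
        "version_affected": version_in_affected_range(version) if version else None,
        "rules_to_review": find_unnamed_capture_rules(config_text),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_CONFIG, installed_version())
    print("installed version:", report["version"], "affected:", report["version_affected"])
    for line_no, directive, pattern, count in report["rules_to_review"]:
        print("line %d: %s %s (%d unnamed capture(s))" % (line_no, directive, pattern, count))
```

Run it against a real deployment with `triage(open("/etc/nginx/nginx.conf").read(), installed_version())`; the version check is the decisive signal, and the rule list only narrows where to look while the patch is being rolled out. The scanner reads one file at a time, so `include`d files must be passed separately.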
Key Entities
- DDoS (attack_type)
- Denial of Service (attack_type)
- Zero-day Exploit (attack_type)
- CVE-2026-42945 (cve)
- CWE-120 - Classic Buffer Overflow (cwe)
- CWE-122 - Heap-based Buffer Overflow (cwe)
- CWE-287 - Improper Authentication (cwe)
- bugs.almalinux.org (domain)
- T1059 - Command and Scripting Interpreter (mitre_attack)
- T1190 - Exploit Public-Facing Application (mitre_attack)
- AlmaLinux (platform)
- CentOS Stream (platform)
- Kubernetes (platform)
- Nginx Open Source (platform)
- Nginx Plus (platform)
- Nginx (tool)
- Ubuntu (company)
- Nginx Rift (vulnerability)