Critical NGINX Vulnerability CVE-2026-42945 Exposes Millions to RCE and DoS Attacks

Critical NGINX Vulnerability CVE-2026-42945 Exposes Millions to RCE and DoS Attacks

First seen 14 May 2026, 00:15 UTC Depthfirstnvd.nist.govCybersecuritynewsCybernewsUbuntu+31 85% similarity 78.8

Article Content

Browse articles
ThreatCluster

A critical vulnerability, CVE-2026-42945, has been discovered in the NGINX web server's ngx_http_rewrite_module, allowing unauthenticated attackers to execute remote code or crash servers. This heap-based buffer overflow has existed for 18 years, affecting all versions from 0.6.27 to 1.30.0. Attackers can exploit this flaw by sending specially crafted HTTP requests, particularly in configurations using unnamed PCRE captures followed by certain directives. The vulnerability has been rated with a CVSS score of 9.2, indicating its critical nature. Emergency patches have been released, but the exploit is already public, raising concerns about imminent attacks. Organizations running NGINX are urged to update their systems immediately to mitigate risks. The vulnerability is particularly dangerous for internet-facing servers with non-trivial rewrite rules.

Key Points: • CVE-2026-42945 allows remote code execution and denial of service via crafted HTTP requests. • The vulnerability affects all NGINX versions from 0.6.27 to 1.30.0 and has existed for 18 years. • Emergency patches have been released, but public proof-of-concept exploits are already available.

ThreatCluster AI

Timeline

2026-05-13
CVE-2026-42945 published
A critical heap buffer overflow vulnerability in NGINX was disclosed, affecting multiple versions.
Bleepingcomputer
2026-05-13
First public PoC released
A proof-of-concept exploit demonstrating remote code execution was made public shortly after the vulnerability disclosure.
Cybernews
2026-05-14
Emergency patches released
F5 released patched versions of NGINX to address the critical vulnerability, urging immediate updates.
Cybersecuritynews
2026-05-14
AlmaLinux confirms exploitability
AlmaLinux verified that the vulnerability allows for easy denial-of-service attacks across supported releases.
Almalinux

Community

Browse all →