I don't wanna ruin your Friday, but nginx has a serious CVE with a rating of 9.2, and you should patch or mitigate it asap.

The CVE is an unauthenticated HTTP request that can lead to a deterministic buffer overflow and remote code execution.

https://depthfirst.com/nginx-rift

#nginx #cve_2026_42945 #cve202642945

NGINX Rift

An 18-year-old memory corruption flaw in NGINX Plus and NGINX Open Source lets an unauthenticated attacker crash worker processes or execute remote code with crafted HTTP requests.

If anyone is worrying about their NGINX configs because of CVE-2026-42945, I’ve made a fork of gixy-next with a plugin to help find rewrite configs that might be a problem.

https://github.com/stephenpaulger/Gixy-Next/tree/add-unnamed-group-plugin

I’ll send a merge request, but in the meantime my fork’s branch might be useful. Obviously, don’t just trust me; review my change, it’s small enough.

#nginx #CyberSecurity #cve_2026_42945

GitHub - stephenpaulger/Gixy-Next at add-unnamed-group-plugin

Gixy-Next: NGINX Configuration Security Scanner & Performance Checker - stephenpaulger/Gixy-Next


CVE-2026-42945 Heap-based Buffer Overflow in #nginx combined with the Linux kernel LPEs is "not great" as we say in the industry.

https://depthfirst.com/nginx-rift

#CVE_2026_42945
