CVE-2026-42945 - Vulnerability Analysis

Undercode News

@undercodenews

May 14, 2026

Critical NGINX Zero-Day CVE-2026-42945 Exposes 18-Year-Old Heap Overflow Leading to DoS and Possible RCE Introduction A newly disclosed vulnerability in the widely used NGINX web server has raised serious security concerns across the global internet infrastructure. The flaw, tracked as CVE-2026-42945, has reportedly existed in the codebase for nearly 18 years before being discovered through autonomous AI-driven scanning systems. Rated at a critical CVSS score of 9.2,… https://undercodenews.com/critical-nginx-zero-day-cve-2026-42945-exposes-18-year-old-heap-overflow-leading-to-dos-and-possible-rce/?utm_source=mastodon&utm_medium=jetpack_social

Analyst207

@Analyst207

May 14, 2026

NGINX Vulnerability Exposes Servers to DoS, Potential Code Execution A critical vulnerability, CVE-2026-42945, has been lurking in NGINX's code for 18 years, exposing servers to potential DoS attacks and code execution - and affecting a staggering third of the top-ranked websites. This heap buffer overflow flaw, rated 9.2 in severity, is a wake-up call for NGINX users to take immediate action. https://osintsights.com/nginx-vulnerability-exposes-servers-to-dos-potential-code-execution?utm_source=mastodon&utm_medium=social #Cve202642945 #Nginx #WebServer #HeapBufferOverflow #DenialOfService

zoe :blahaj:

@commanderred

May 14, 2026

yay, seems like nginx has a CVE... thanks AI https://nvd.nist.gov/vuln/detail/CVE-2026-42945

hrbrmstr 🇺🇦 🇬🇱 🇨🇦

@hrbrmstr

May 14, 2026

@me @krypt3ia fixed and also here: https://git.sr.ht/~hrbrmstr/cve-2026-42945-scanner

hrbrmstr 🇺🇦 🇬🇱 🇨🇦

@hrbrmstr

May 14, 2026

The EasyEngine tutorial, StackPointer, WPMU DEV, Stack Overflow, and the WordPress.org forums all reference this same pattern. This can easily be chained with one (or both) of two recent and trivial-to-exploit local privilege escalation Linux vulns. In the words of @krypt3ia : we doomed. HOWEVER: I threw together a small Bash script that tries to detect whether a given conf file or directory of nginx configs has vulnerable directives. You can find it at: https://git.sr.ht/~hrbrmstr/cve-2026-42945-scanner (2/3)

Kevin Beaumont

@GossiTheDog

May 14, 2026

CVE-2026-42945 - Nginx (otherwise branded Nginx Rift) It relies on a specific Nginx config to be vulnerable, and for attacker to know or discover the config to exploit it. To reach RCE, also ASLR needs to have been disabled on the box. The PoC they've built specifically disabled ASLR, deploys a specifically vulnerable config and the exploit knows about the vulnerable config endpoint.

Undercode News

@undercodenews

May 14, 2026

NGINX Rift: 18-Year-Old Hidden Vulnerability Exposes Critical Remote Code Execution Risk A long-hidden security flaw in NGINX has finally surfaced after remaining unnoticed for nearly two decades, raising serious concerns across the global web infrastructure landscape. The vulnerability, now tracked as CVE-2026-42945 and dubbed “NGINX Rift,” allows unauthenticated remote code execution (RCE), making it one of the most severe discoveries in recent web server security… https://undercodenews.com/nginx-rift-18-year-old-hidden-vulnerability-exposes-critical-remote-code-execution-risk/?utm_source=mastodon&utm_medium=jetpack_social

/r/netsec

@_r_netsec

May 14, 2026

CVE-2026-42945 : NGINX Heap Buffer Overflow in rewrite module - Writeup and PoC https://depthfirst.com/research/nginx-rift-achieving-nginx-rce-via-an-18-year-old-vulnerability

benzogaga33 :verified:

@benzogaga33

May 14, 2026

NGINX Rift – CVE-2026-42945 : cette faille critique vieille de 18 ans menace vos serveurs Web https://www.it-connect.fr/nginx-rift-cve-2026-42945-cette-faille-critique-de-18-ans-menace-vos-serveurs-web/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #Nginx

Yazoul - Cybersecurity Alerts

@Matchbook3469

May 14, 2026

🔴 New security advisory: CVE-2026-42945 affects multiple systems. • Impact: Remote code execution or complete system compromise possible • Risk: Attackers can gain full control of affected systems • Mitigation: Patch immediately or isolate affected systems Full breakdown: https://www.yazoul.net/advisory/cve/cve-2026-42945-nginx-plus-heap-overflow-unauth-poc #InfoSec #PatchNow #InfoSecCommunity

小众软件（镜像）

@appinn

May 14, 2026

『Nginx rewrite 模块爆高危漏洞：可能已经存在十几年｜CVE-2026-42945』 Nginx 是一款被广泛使用的 HTTP 服务器软件。2026 年 5 月 13 日官方披露常用模组 rewrite 存在安全漏洞。攻击者可通过构造特殊 HTTP 请求触发该漏洞，导致 Nginx 工 …… 阅读全文： :sys_link: https://www.appinn.com/nginx-rewrite-rce-cve-2026-42945/ #小众软件

Jan Schaumann

@jschauma

May 14, 2026

CVE-2026-42945: Possible RCE in NGINX: https://depthfirst.com/nginx-rift Requires a specific regex based rewrite directive like rewrite ^/users/([0-9]+)/profile/(.*)$ /profile.php?id=$1&tab=$2 last; https://my.f5.com/manage/s/article/K000161019 (Of course also found & published by some AI platform. At least they told F5 first.) And there's a bunch of other vulns in nginx that just dropped, but good luck keeping track if the list of security advisories contains no dates: https://nginx.org/en/security_advisories.html

Harry Sintonen

@harrysintonen

May 13, 2026

CVE-2026-42945 Heap-based Buffer Overflow in #nginx combined with the linux kernel LPEs is "not great" as we say in the industry. https://depthfirst.com/nginx-rift #CVE_2026_42945

cR0w

@cR0w

May 13, 2026

RE: https://infosec.exchange/@cR0w/116568840324508660 Plenty of prerequisites but worth looking into. https://my.f5.com/manage/s/article/K000161019 NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, for systems with Address Space Layout Randomization (ASLR ) disabled, code execution is possible. (CVE-2026-42945)

TheHackerWire

@thehackerwire

May 13, 2026

🟠 CVE-2026-42945 - High (8.1) NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-42945/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

hrbrmstr 🇺🇦 🇬🇱 🇨🇦

@hrbrmstr

May 14, 2026

@me @krypt3ia fixed and also here: https://git.sr.ht/~hrbrmstr/cve-2026-42945-scanner

hrbrmstr 🇺🇦 🇬🇱 🇨🇦

@hrbrmstr

May 14, 2026

The EasyEngine tutorial, StackPointer, WPMU DEV, Stack Overflow, and the WordPress.org forums all reference this same pattern. This can easily be chained with one (or both) of two recent and trivial-to-exploit local privilege escalation Linux vulns. In the words of @krypt3ia : we doomed. HOWEVER: I threw together a small Bash script that tries to detect whether a given conf file or directory of nginx configs has vulnerable directives. You can find it at: https://git.sr.ht/~hrbrmstr/cve-2026-42945-scanner (2/3)

Kevin Beaumont

@GossiTheDog

May 14, 2026

CVE-2026-42945 - Nginx (otherwise branded Nginx Rift) It relies on a specific Nginx config to be vulnerable, and for attacker to know or discover the config to exploit it. To reach RCE, also ASLR needs to have been disabled on the box. The PoC they've built specifically disabled ASLR, deploys a specifically vulnerable config and the exploit knows about the vulnerable config endpoint.

/r/netsec

@_r_netsec

May 14, 2026

CVE-2026-42945 : NGINX Heap Buffer Overflow in rewrite module - Writeup and PoC https://depthfirst.com/research/nginx-rift-achieving-nginx-rce-via-an-18-year-old-vulnerability

benzogaga33 :verified:

@benzogaga33

May 14, 2026

NGINX Rift – CVE-2026-42945 : cette faille critique vieille de 18 ans menace vos serveurs Web https://www.it-connect.fr/nginx-rift-cve-2026-42945-cette-faille-critique-de-18-ans-menace-vos-serveurs-web/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #Nginx

Jan Schaumann

@jschauma

May 14, 2026

CVE-2026-42945: Possible RCE in NGINX: https://depthfirst.com/nginx-rift Requires a specific regex based rewrite directive like rewrite ^/users/([0-9]+)/profile/(.*)$ /profile.php?id=$1&tab=$2 last; https://my.f5.com/manage/s/article/K000161019 (Of course also found & published by some AI platform. At least they told F5 first.) And there's a bunch of other vulns in nginx that just dropped, but good luck keeping track if the list of security advisories contains no dates: https://nginx.org/en/security_advisories.html

Harry Sintonen

@harrysintonen

May 13, 2026

CVE-2026-42945 Heap-based Buffer Overflow in #nginx combined with the linux kernel LPEs is "not great" as we say in the industry. https://depthfirst.com/nginx-rift #CVE_2026_42945

cR0w

@cR0w

May 13, 2026

RE: https://infosec.exchange/@cR0w/116568840324508660 Plenty of prerequisites but worth looking into. https://my.f5.com/manage/s/article/K000161019 NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, for systems with Address Space Layout Randomization (ASLR ) disabled, code execution is possible. (CVE-2026-42945)

TheHackerWire

@thehackerwire

May 13, 2026

🟠 CVE-2026-42945 - High (8.1) NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-42945/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack