URL has been copied successfully!
18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE
URL has been copied successfully!

Collecting Cyber-News from over 60 sources

18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE


Tags: , , , , ,

Cybersecurity researchers have disclosed multiple security vulnerabilities impacting NGINX Plus and NGINX Open, including a critical flaw that remained undetected for 18 years.The vulnerability, discovered by depthfirst, is a heap buffer overflow issue impacting ngx_http_rewrite_module (CVE-2026-42945, CVSS v4 score: 9.2) that could allow an attacker to achieve remote code execution or cause a

First seen on thehackernews.com

Jump to article: thehackernews.com/2026/05/18-year-old-nginx-rewrite-module-flaw.html

Loading

Share via Email
Share on Facebook
Tweet on X (Twitter)
Share on Whatsapp
Share on LinkedIn
Share on Xing
Copy link

also interesting:

  1. Attackers exploiting NetScaler ADC and Gateway zero day flaw, Citrix warns
  2. 13-Year-Old Redis RCE Flaw Lets Attackers Seize Complete Host Control
  3. F5 Security Incident Advisory
  4. 7-Zip RCE Vulnerability Actively Exploited by Hackers