The Hacker News

NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE

A newly disclosed security flaw impacting NGINX Plus and NGINX Open has come under active exploitation in the wild, days after its public disclosure, according to VulnCheck. The vulnerability, tracked ...
SecurityWeek

PoC Code Published for Critical NGINX Vulnerability

Introduced in 2008, the critical-severity security defect was patched this week in NGINX Plus and NGINX open source. Because the internal engine state changes between the two passes, if a rewrite ...
Bleeping Computer

18-year-old NGINX vulnerability allows DoS, potential RCE

An 18-year-old flaw in the NGINX open-source web server, discovered using an autonomous scanning system, can be exploited for denial of service and, under certain conditions, remote code execution.
cybernews

NGINX is critically vulnerable: hackers can crash servers and run remote code with no authentication

A critical NGINX vulnerability, undiscovered for 18 years, allows hackers to crash servers with ease and even take full control without authentication in some common configurations. Emergency patches ...
The Hacker News

18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE

Cybersecurity researchers have disclosed multiple security vulnerabilities impacting NGINX Plus and NGINX Open, including a critical flaw that remained undetected for 18 years. "NGINX Plus and NGINX ...