
Critical NGINX Vulnerability Under Active Attack
TL;DR: A critical security flaw in NGINX Plus and NGINX Open Source is being actively exploited in the wild, just days after it was disclosed. The vulnerability, CVE-2026-42945, is a heap buffer overflow affecting a wide range of NGINX versions from 0.6.27 through 1.30.0.
Key facts
- Category: Infrastructure
- Impact: Low
- Published
- Source: The Hacker News
Full summary
A newly disclosed critical vulnerability in NGINX web servers is now under active attack, affecting a wide range of versions.
A critical security vulnerability has been discovered in NGINX web server software and is now under active attack in the wild. Security research firm VulnCheck reported that exploits for the flaw began appearing just days after its public disclosure. The vulnerability is identified as CVE-2026-42945 and carries a high severity CVSS score of 9.2. The specific issue is a heap buffer overflow within the ngx_http_rewrite_module, a core component responsible for modifying request URLs on the server. This type of memory corruption error is notoriously dangerous, as it can destabilize server operations and create openings for malicious attacks.
The vulnerability's impact is widespread, affecting both the commercial NGINX Plus and the popular NGINX Open Source versions. A significant range of software releases, from version 0.6.27 up to 1.30.0, is confirmed to be vulnerable, putting a large number of web servers globally at risk. Exploiting this flaw can lead to immediate consequences, such as crashing NGINX worker processes, which results in denial of service for users. The most severe risk, however, is the potential for remote code execution (RCE). If an attacker achieves RCE, they could gain complete control over the compromised server, allowing them to steal data or install malware.
Why it matters
NGINX is one of the most popular web servers in the world. A critical, remotely exploitable vulnerability that is being actively attacked puts a massive number of websites and online services at risk of downtime and complete server compromise.
Business impact
Businesses using vulnerable NGINX versions face a high risk of service disruption from server crashes. A successful remote code execution attack could lead to data breaches, reputational damage, and significant financial loss from cleanup and recovery efforts.
⚡ Action needed
Organizations using NGINX versions 0.6.27 through 1.30.0 should update to a patched version immediately to mitigate the risk of exploitation.
Action checklist
1. Identify all servers running NGINX.
2. Check if NGINX versions are between 0.6.27 and 1.30.0.
3. Update all vulnerable instances to a patched version immediately.
4. Monitor server logs for signs of compromise or unusual crashes.
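One way to work through steps 1, 2 and 4 of the checklist, as an added example that is not from the original article: it parses captured `nginx -v` banners, tests them against the 0.6.27 to 1.30.0 range named above, and counts worker crashes in NGINX error-log lines. The hostnames and log excerpt are constructed sample data.

```python
"""Triage helpers for the checklist above: classify `nginx -v` banners against the
CVE-2026-42945 affected range and count worker crashes in error-log lines.
All sample data below is constructed for illustration."""
import re
from collections import Counter
from typing import Dict, Iterable, Optional, Tuple

AFFECTED_MIN = (0, 6, 27)  # first affected release named in the summary
AFFECTED_MAX = (1, 30, 0)  # last affected release named in the summary
_VERSION_RE = re.compile(r"nginx/(\d+)\.(\d+)\.(\d+)")
# The NGINX master process logs a dying worker as "worker process <pid> exited on signal <n>".
_CRASH_RE = re.compile(r"worker process \d+ exited on signal (\d+)")


def parse_version(banner: str) -> Optional[Tuple[int, int, int]]:
    """(major, minor, patch) from `nginx -v` output like 'nginx version: nginx/1.24.0'."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None  # no NGINX installed, or the banner was not captured
    return (int(m[1]), int(m[2]), int(m[3]))


def is_affected(version: Tuple[int, int, int]) -> bool:
    """Inclusive range check; tuple comparison orders 1.30.0 above 1.4.0, unlike string compare."""
    return AFFECTED_MIN <= version <= AFFECTED_MAX


def triage_hosts(banners: Dict[str, str]) -> Dict[str, str]:
    """Map host -> 'in affected range' | 'outside affected range' | 'unknown'."""
    out = {}
    for host, banner in banners.items():
        v = parse_version(banner)
        out[host] = ("unknown" if v is None
                     else "in affected range" if is_affected(v) else "outside affected range")
    return out


def count_worker_crashes(lines: Iterable[str]) -> Dict[int, int]:
    """Worker exits per signal; 11 (SIGSEGV) is the usual footprint of heap corruption."""
    return dict(Counter(int(m.group(1)) for line in lines if (m := _CRASH_RE.search(line))))


# Constructed inventory: hostname -> what `nginx -v` printed (to stderr) on that host.
SAMPLE_BANNERS = {
    "web-01": "nginx version: nginx/1.24.0",
    "web-02": "nginx version: nginx/1.30.0",   # upper boundary, still in range
    "web-03": "nginx version: nginx/0.6.26",   # predates the affected range
    "lb-01": "bash: nginx: command not found",
}
# Constructed error.log excerpt in NGINX's own line format.
SAMPLE_ERROR_LOG = [
    "2026/05/02 10:14:03 [alert] 1234#1234: worker process 1240 exited on signal 11",
    "2026/05/02 10:14:03 [notice] 1234#1234: start worker process 1250",
    "2026/05/02 10:15:09 [alert] 1234#1234: worker process 1250 exited on signal 11",
]
```

Repeated SIGSEGV worker exits after the disclosure date are the crash pattern step 4 asks you to watch for; a host flagged "in affected range" belongs on the step 3 update list regardless of what its logs show.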
Primary source: The Hacker News