NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE

The Hacker News
Actively Exploited

Overview

A serious vulnerability in NGINX, tracked as CVE-2026-42945, is being exploited in the wild just days after it was disclosed. The flaw is a heap buffer overflow in ngx_http_rewrite_module that affects NGINX Plus and NGINX Open versions 0.6.27 through 1.30.0. Its CVSS score of 9.2 indicates high severity: the flaw could lead to worker crashes and potentially allow remote code execution (RCE). Organizations running affected versions should prioritize patching, and given the active exploitation, immediate action is warranted.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: NGINX Plus and NGINX Open, versions 0.6.27 through 1.30.0.
  • Action Required: Users should update to the latest versions of NGINX Plus and NGINX Open to mitigate this vulnerability.
  • Timeline: Newly disclosed

Original Article Summary

A newly disclosed security flaw impacting NGINX Plus and NGINX Open has come under active exploitation in the wild, days after its public disclosure, according to VulnCheck. The vulnerability, tracked as CVE-2026-42945 (CVSS score: 9.2), is a heap buffer overflow in ngx_http_rewrite_module affecting NGINX versions 0.6.27 through 1.30.0. According to AI-native security company depthfirst, the

Impact

NGINX Plus and NGINX Open, versions 0.6.27 through 1.30.0.

Exploitation Status

This vulnerability is confirmed to be actively exploited in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Users should update to the latest versions of NGINX Plus and NGINX Open to mitigate this vulnerability. Specific patch numbers or versions were not mentioned, so users should check the official NGINX website for updates.

