NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE

Ravie LakshmananMay 17, 2026Server Security / Vulnerability

A newly disclosed security flaw impacting NGINX Plus and NGINX Open has come under active exploitation in the wild, days after its public disclosure, according to VulnCheck.

The vulnerability, tracked as CVE-2026-42945 (CVSS score: 9.2), is a heap buffer overflow in ngx_http_rewrite_module affecting NGINX versions 0.6.27 through 1.30.0. According to AI-native security company depthfirst, the vulnerability was introduced in 2008.

Successful exploitation of the flaw can permit an unauthenticated attacker to crash worker processes or execute remote code with crafted HTTP requests. However, it bears noting that code execution is possible only on devices where Address Space Layout Randomization (ASLR), a safeguard against memory-based attacks, is turned off.

"It relies on a specific NGINX config to be vulnerable, and for an attacker to know or discover the config to exploit it," security researcher Kevin Beaumont said. "To reach RCE [remote code execution], also ASLR needs to have been disabled on the box."

NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE

Other newsrooms on this story

Related reading

18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE

18-year-old NGINX vulnerability allows DoS, potential RCE

NGINX Rift attackers waste no time targeting exposed servers

New critical Exim mailer flaw allows remote code execution

Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE

'Dirty Frag' Linux flaw one-ups CopyFail with no patches and public root exploit