
NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE
Why It Matters
NGINX powers a large share of internet traffic, so active exploitation threatens widespread service disruption and potential data breaches. Simultaneous openDCIM flaws highlight the growing risk of automated, AI‑driven attacks on critical infrastructure software.
Key Takeaways
- CVE-2026-42945 affects NGINX 0.6.27 through 1.30.0, CVSS 9.2.
- Exploits cause worker crashes; RCE possible if ASLR is disabled.
- Threat actors detected exploiting via honeypots; patch from F5 recommended.
- openDCIM suffers three CVE-2026-2851x flaws, CVSS 9.3 each.
- Attack chain can achieve remote code execution in five requests.
Pulse Analysis
The newly disclosed NGINX vulnerability, CVE‑2026‑42945, is a heap buffer overflow in the ngx_http_rewrite_module that dates back to 2008. Its high CVSS rating of 9.2 reflects the ease with which an unauthenticated actor can trigger denial‑of‑service conditions by crashing worker processes. While full remote code execution (RCE) hinges on the target’s ASLR being disabled—a configuration rarely left unchecked in modern Linux distributions—the immediate impact is still significant for any organization that relies on NGINX for web serving, load balancing, or API gateways.
Mitigation strategies focus on rapid patch deployment and hardening system configurations. F5 has released updates that address the flaw across both NGINX Plus and the open-source variant, and security teams should prioritize these patches to close the attack surface. Enabling ASLR, employing SELinux or AppArmor policies, and monitoring for anomalous HTTP request patterns can further reduce exploitation risk. The incident underscores the importance of a proactive vulnerability management program, especially for long-lived software whose current releases still carry decades-old code paths.
Concurrently, VulnCheck’s disclosure of three openDCIM vulnerabilities (CVE‑2026‑28515, ‑28516, ‑28517) illustrates how attackers are leveraging AI‑driven tools to discover and chain flaws across disparate platforms. By chaining authentication bypass, SQL injection, and command injection, threat actors can achieve remote code execution in as few as five HTTP requests. Organizations should audit open‑source components, enforce least‑privilege access, and consider runtime application self‑protection (RASP) to detect malicious payloads before they reach vulnerable code paths. The dual‑front nature of these exploits signals a broader shift toward automated, multi‑vector attacks that demand comprehensive, layered defenses.
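To turn the two exposure conditions the analysis names (an NGINX build in the 0.6.27 to 1.30.0 range, and ASLR disabled on the host as the RCE precondition) into a repeatable host check, here is an added triage script; it is not from the article, F5, or VulnCheck. The version range and the ASLR condition come from the article; treating a build configured with `--without-http_rewrite_module` as not exposed is an assumption drawn from the flaw being reported in ngx_http_rewrite_module.

```python
"""Host triage for CVE-2026-42945 exposure (added example, not the article's own code)."""
import re
import subprocess
from pathlib import Path

AFFECTED_MIN = (0, 6, 27)   # affected range start, from the article
AFFECTED_MAX = (1, 30, 0)   # affected range end (inclusive), from the article

# Constructed sample of `nginx -V` output (nginx writes this to stderr, not stdout).
SAMPLE_NGINX_V = (
    "nginx version: nginx/1.26.2\n"
    "built by gcc 12.2.0 (Debian 12.2.0-14)\n"
    "configure arguments: --prefix=/etc/nginx --with-http_ssl_module\n"
)

def parse_nginx_version(nginx_v_output: str) -> tuple:
    """Extract (major, minor, patch) from the 'nginx version:' line."""
    m = re.search(r"nginx version: (?:nginx|openresty)/(\d+)\.(\d+)\.(\d+)", nginx_v_output)
    if not m:
        raise ValueError("no nginx version line found in input")
    return tuple(int(x) for x in m.groups())

def in_affected_range(version: tuple) -> bool:
    """Lexicographic tuple comparison covers every release in the article's range."""
    return AFFECTED_MIN <= version <= AFFECTED_MAX

def rewrite_module_compiled_in(nginx_v_output: str) -> bool:
    """Assumption: --without-http_rewrite_module leaves the vulnerable module out of the build."""
    return "--without-http_rewrite_module" not in nginx_v_output

def aslr_enabled(randomize_va_space: str) -> bool:
    """/proc/sys/kernel/randomize_va_space: 0 = off, 1 = partial, 2 = full."""
    return randomize_va_space.strip() in ("1", "2")

def classify(nginx_v_output: str, randomize_va_space: str) -> str:
    """Return 'not affected', 'affected: DoS', or 'affected: DoS+RCE-precondition'.
    The module check can only lower the verdict; patching is still the fix."""
    if not in_affected_range(parse_nginx_version(nginx_v_output)):
        return "not affected"
    if not rewrite_module_compiled_in(nginx_v_output):
        return "not affected"
    if aslr_enabled(randomize_va_space):
        return "affected: DoS"
    return "affected: DoS+RCE-precondition"

if __name__ == "__main__":
    live = subprocess.run(["nginx", "-V"], capture_output=True, text=True).stderr
    aslr = Path("/proc/sys/kernel/randomize_va_space").read_text()
    print(classify(live, aslr))
```

Run it on each NGINX host; a result of "affected: DoS+RCE-precondition" means both conditions the article names hold and that host should be patched first.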