Cybersecurity researchers have disclosed multiple security vulnerabilities impacting NGINX Plus and NGINX Open, including a critical flaw that remained undetected for 18 years. The vulnerability, discovered by depthfirst, is a heap buffer overflow issue impacting ngx_http_rewrite_module (CVE-2026-42945, CVSS v4 score: 9.2) that could allow an attacker to achieve remote code execution or cause a
18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE
Inhalt
Verknuepfte CVEs
| CVE-ID | Severity (CVE.org) | CVSS (CVE.org) | EPSS | EPSS-% | Veroeffentlicht (CVE.org) |
|---|---|---|---|---|---|
| - | - | - | - |
Quellen-Details
| Bezeichnung | Name | Kategorie | Tags | Zielgruppe | Sprache | Feed-URL |
|---|---|---|---|---|---|---|
| The Hacker News | security_news | - | de | https://feeds.feedburner.com/TheHackersNews |