Skip to main content

Tag: nginx

4 articles

Rows of computer servers and networking equipment in a brightly-lit data center with technicians working in the background.

F5 Dispatched Patches for Critical NGINX Flaws

F5 has urgently released patches to fix two critical vulnerabilities in NGINX modules that can be exploited by remote attackers to cause denial-of-service or even execute remote code. Admins are advised to install the updates ASAP to protect NGINX Plus, Open Source, Gateway Fabric, and Instance Manager from potential attacks.

Analyst 207
Brightly-lit web server room with equipment on a rack and a monitor screen in the background.

NGINX Flaw CVE-2026-42945 Actively Exploited, Threatens Worker Crashes and RCE

A newly discovered NGINX flaw, CVE-2026-42945, is being actively exploited, posing a significant threat of worker crashes and remote code execution (RCE) through specially crafted HTTP requests. This high-severity vulnerability, with a CVSS score of 9.2, has been lurking in NGINX versions since 2008, affecting NGINX Plus and NGINX Open.

Analyst 207
Generic computer server or network equipment rack in a data center setting.

NGINX Vulnerability Exposes Servers to DoS, Potential Code Execution

A critical vulnerability, CVE-2026-42945, has been lurking in NGINX's code for 18 years, exposing servers to potential DoS attacks and code execution - and affecting a staggering third of the top-ranked websites. This heap buffer overflow flaw, rated 9.2 in severity, is a wake-up call for NGINX users to take immediate action.

Analyst 207
Server room with web server hardware exposed, conveying vulnerability.

NGINX Flaw Enables Unauthenticated Remote Code Execution

A critical 18-year-old vulnerability, known as NGINX Rift, has been discovered in NGINX Plus and NGINX Open Source, allowing unauthenticated attackers to remotely execute code with a single crafted HTTP request. This high-severity flaw, rated 9.2 on the CVSS v4 scale, poses a significant threat to vulnerable servers.

Analyst 207