Heap Buffer Overflow in NGINX Plus and NGINX Open Source Affecting ngx_http_rewrite_module
CVE-2026-42945
Key Information:
- Vendor
F5
- Vendor
- CVE Published:
- 13 May 2026
Badges
What is CVE-2026-42945?
CVE-2026-42945 is a critical vulnerability affecting NGINX Plus and NGINX Open Source, specifically within the ngx_http_rewrite_module. This vulnerability occurs when a rewrite directive is used in conjunction with unnamed Perl-Compatible Regular Expression (PCRE) captures and replacement strings that include a question mark. An unauthenticated attacker can exploit this condition by sending specially crafted HTTP requests, which can lead to a heap buffer overflow in the NGINX worker process. As a result, this may cause the worker process to restart unexpectedly. For systems with Address Space Layout Randomization (ASLR) disabled, the vulnerability presents an even more severe risk, as it opens the possibility for code execution.
Potential Impact of CVE-2026-42945
-
Service Disruption: The heap buffer overflow can cause the NGINX worker process to restart, leading to potential downtime for web services relying on NGINX for load balancing and HTTP processing. This disruption could significantly affect business operations and user access to online services.
-
Remote Code Execution Risk: For systems where ASLR is disabled, the vulnerability increases the likelihood of remote code execution. This could allow attackers to gain control over the affected systems, potentially leading to unauthorized access, data theft, and propagation of malware within the network.
-
Increased Attack Surface: With the existence of this vulnerability, there is a heightened risk of exploitation in the wild. Attackers may target organizations running affected versions of NGINX, which could lead to widespread compromise, particularly in environments where secure configurations are not enforced.
Affected Version(s)
NGINX Open Source 0.6.27 < 1.30.1
NGINX Plus R36
NGINX Plus R32
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
It Security NewsCVE-2026-42945Critical flaw in software powering a third of the internet is already being exploited – free checker now available - IT Security News
A critical security vulnerability in NGINX, the web server software underpinning more than 30% of all websites globally, has been confirmed as actively exploited in the wild, less than a week after its public disclosure. The flaw, tracked as CVE-2026-42945…Read more →
2 weeks ago
HackreadCVE-2026-42945Hackers Actively Exploit ‘Nginx Rift’ Vulnerability Affecting NGINX, F5 Products
Hackers are actively exploiting the Nginx Rift vulnerability affecting NGINX and F5 products, exposing servers to denial-of-service attacks.
2 weeks ago
It Security NewsCVE-2026-42945CVE-2026-42945: Mitigating a Critical Heap Buffer Overflow Vulnerability in NGINX - IT Security News
Discover CVE-2026-42945 (NGINX Rift), a critical heap buffer overflow vulnerability. Learn about the affected versions and critical patch updates. This article has been indexed from Blog Read the original article: CVE-2026-42945: Mitigating a Critical Heap Buffer Overflow Vulnerability in NGINXRead ...
2 weeks ago
References
CVSS V4
Timeline
- 🥇
Vulnerability reached the number 1 worldwide trending spot
- 📰
First article discovered by The Hacker News
- 📈
Vulnerability started trending
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved