Critical NGINX Exploit Spreads: What You Need to Know
Critical NGINX Vulnerability Exploited in the Wild Following Patch Release
Researchers at VulnCheck have reported that the first in-the-wild attacks exploiting a critical severity NGINX vulnerability patched last week have commenced.
According to VulnCheck researcher Patrick Garrity, “We’re seeing active exploitation of CVE-2026-42945 in F5 NGINX, a heap buffer overflow affecting both NGINX Plus and NGINX Open Source.” Garrity emphasized that the security defect allows for remote exploitation, even without authentication, via crafted HTTP requests.
Successful exploitation of the flaw could result in either a denial-of-service (DoS) condition or, if Address Space Layout Randomization (ASLR) is disabled, remote code execution (RCE).
Vulnerability Details
- The flaw, tracked as CVE-2026-42945 and dubbed Nginx Rift, is a heap buffer overflow in the ngx_http_rewrite_module component.
- This defect existed within the NGINX codebase for 16 years before being addressed by F5 through its recent patch release.
Action Required
Organizations operating NGINX servers should take immediate action to address this critical vulnerability by applying the latest available patches. Failure to do so may expose their infrastructure to the risk of exploitation, potentially resulting in significant downtime, reputational damage, and other negative consequences.
Estimated Impact
- Approximately 5.7 million internet-exposed NGINX servers are running a potentially vulnerable version, although the truly exploitable population is expected to be significantly smaller.