18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE

Cybersecurity researchers have disclosed multiple security vulnerabilities impacting NGINX Plus and NGINX Open, including a critical flaw that remained undetect

May 14, 2026 1 min read The Hacker News

Cybersecurity researchers have disclosed multiple security vulnerabilities impacting NGINX Plus and NGINX Open, including a critical flaw that remained undetected for 18 years. The vulnerability, discovered by depthfirst, is a heap buffer overflow issue impacting ngx_http_rewrite_module (CVE-2026-42945, CVSS v4 score: 9.2) that could allow an attacker to achieve remote code execution or cause a

About this article

This post is an automated summary curated from the RSS feed of The Hacker News.

📰 Read the full article at The Hacker News

The original content was published on May 14, 2026 at 06:00 UTC. All rights belong to the respective author(s) and The Hacker News.

Automatically curated by TechBR News. View original source.

About this article

Related Articles

New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption

Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday

Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation

Get new articles by email