Tagged articles
2 articles
Su San Talks Tech
May 17, 2026 · Information Security

Nginx’s 18‑Year‑Old RCE Flaw Exposes One‑Third of Websites

A critical Nginx vulnerability (CVE‑2026‑42945, CVSS 9.2) discovered by depthfirst and F5 allows unauthenticated remote code execution via a single crafted HTTP request, affecting versions 0.6.27‑1.30.0 and roughly one‑third of global websites.

CVE-2026-42945 · NGINX · RCE
Black & White Path
May 16, 2026 · Information Security

An 18‑Year‑Old Nginx RCE Flaw Finally Exposed (CVE‑2026‑42945)

Depthfirst’s AI tool Rift uncovered a critical heap‑buffer‑overflow vulnerability (CVE‑2026‑42945) in Nginx’s ngx_http_rewrite_module that has been present for 18 years, allowing unauthenticated attackers to trigger denial‑of‑service or potential remote code execution, affecting versions 0.6.27‑1.30.0 and fixed in 1.30.1/1.31.0.

AI-assisted Vulnerability Discovery · CVE-2026-42945 · Heap Buffer Overflow