NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE
CVE-2026-42945 — a critical NGINX heap buffer overflow introduced in 2008 — is being actively exploited. Patch immediately; ensure ASLR is enabled.
What’s new: A critical vulnerability in NGINX, tracked as CVE-2026-42945, has been actively exploited in the wild. This heap buffer overflow affects NGINX versions 0.6.27 through 1.30.0 and can crash worker processes or, if Address Space Layout Randomization (ASLR) is disabled, potentially allow remote code execution (RCE). The vulnerability was introduced in 2008 and has a CVSS score of 9.2.
Who’s affected
Users of NGINX Plus and NGINX Open, specifically those running versions 0.6.27 through 1.30.0, are at risk. The exploitation attempts have been detected against honeypot networks, indicating active threat actor interest.
What to do
- Apply the latest security patches from F5 to mitigate the vulnerability.
- Ensure ASLR is enabled on systems running NGINX to reduce the risk of successful exploitation.
- Review NGINX configurations to identify any that may be vulnerable to this attack.
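
The version and ASLR checks above can be scripted for host triage. The following is an added example, not code from F5 or the NGINX project; it assumes a Linux host with GNU `sort -V`, and the function names are hypothetical. The affected range is the one stated in this advisory.

```shell
# Added example: triage a Linux host for the advisory's version and ASLR checks.
# Distribution packages may backport fixes without changing the upstream
# version string, so treat an in-range result as "verify", not as proof.
AFFECTED_MIN="0.6.27"   # from the advisory text
AFFECTED_MAX="1.30.0"   # from the advisory text

# ver_le A B: succeeds when version A <= version B (GNU sort -V ordering).
ver_le() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# in_affected_range VERSION: succeeds when VERSION is inside the stated range.
in_affected_range() {
    ver_le "$AFFECTED_MIN" "$1" && ver_le "$1" "$AFFECTED_MAX"
}

# parse_nginx_version: extract the version from `nginx -v` banner text on stdin.
parse_nginx_version() {
    sed -n 's|.*nginx/\([0-9][0-9.]*\).*|\1|p' | head -n 1
}

# aslr_state VALUE: label a kernel.randomize_va_space value.
aslr_state() {
    case "$1" in
        0) echo "disabled" ;;
        1) echo "partial" ;;   # stack/mmap/vDSO only, brk heap not randomized
        2) echo "full" ;;
        *) echo "unknown" ;;
    esac
}

# triage: print findings for the local host; returns 1 when action is needed.
triage() {
    rc=0
    if command -v nginx >/dev/null 2>&1; then
        v=$(nginx -v 2>&1 | parse_nginx_version)   # banner goes to stderr
        if [ -n "$v" ] && in_affected_range "$v"; then
            echo "nginx $v: inside affected range, patch"; rc=1
        else
            echo "nginx ${v:-unknown}: outside affected range"
        fi
    fi
    aslr=$(aslr_state "$(cat /proc/sys/kernel/randomize_va_space 2>/dev/null)")
    echo "ASLR: $aslr"
    [ "$aslr" = "full" ] || rc=1
    return $rc
}

if [ "${1:-}" = "--run" ]; then triage; fi
```

Run the script with `--run` to report on the local host; a non-zero exit status means the version is in range or ASLR is not fully enabled.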



