A critical heap buffer overflow vulnerability, lurking in NGINX’s source code since 2008, has been publicly disclosed. Complete with a working proof-of-concept exploit capable of delivering unauthenticated remote code execution (RCE) against one of the world’s most widely deployed web servers. Assigned a CVSS score of 9.2, CVE-2026-42945 resides in NGINX’s ngx_http_rewrite_module. This engine powers URL rewriting and […]
The post Critical 18-Year-Old NGINX Vulnerability Enables Remote Code Execution Attacks – PoC Released appeared first on Cyber Security News.