NGINX Rift attackers waste no time targeting exposed servers
Attackers are quickly exploiting a newly disclosed vulnerability in NGINX known as 'NGINX Rift.' This flaw, which has existed for 18 years, allows unauthenticated attackers to crash NGINX worker processes through crafted HTTP requests. While the risk of remote code execution is limited by modern security configurations, the number of exposed servers remains a concern for security teams.
- The vulnerability, CVE-2026-42945, is a heap buffer overflow affecting both NGINX Open Source and NGINX Plus.
- Researchers observed exploitation attempts just days after the vulnerability was disclosed.
- Approximately 5.7 million internet-exposed NGINX servers are running potentially vulnerable versions.
Opening excerpt (first ~120 words)
Researchers say 18-year-old flaw already being probed and exploited just days after disclosure
Carly Page, published Mon 18 May 2026 // 14:02 UTC
Exploit attempts are already hammering a newly disclosed NGINX bug dubbed "NGINX Rift," proving once again that attackers read patch notes faster than most admins. Researchers at VulnCheck said they are seeing active exploitation tied to CVE-2026-42945, a heap buffer…
Excerpt limited to ~120 words for fair-use compliance. The full article is at The Register.