18-year-old NGINX flaw raises DoS risk and possible RCE in certain configs

TL;DR Summary
An 18-year-old heap buffer overflow in NGINX's rewrite_module (CVE-2026-42945) can cause denial of service and, under specific rewrite configurations, unauthenticated remote code execution. Patches are available in NGINX Open Source 1.31.0 and 1.30.1 and in related F5 products. Real-world exploitability is debated, but the DoS risk makes patching or applying mitigations urgent, especially on systems where ASLR is disabled, the condition under which RCE was achieved in PoC tests.
- 18-year-old NGINX vulnerability allows DoS, potential RCE (BleepingComputer)
- 18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE (The Hacker News)
- CVE-2026-42945: Critical NGINX Rewrite Flaw (SOC Prime)
- Critical 18-Year-Old NGINX Vulnerability Enables Remote Code Execution Attacks (CyberSecurityNews)
- NGINX is critically vulnerable: hackers can crash servers and run remote code with no authentication (Cybernews)
Want the full story? Read the original article on BleepingComputer.