
Active NGINX flaw CVE-2026-42945 exploited in the wild, enabling RCE when ASLR is disabled
Security researchers report active exploitation of NGINX CVE-2026-42945, a heap overflow in ngx_http_rewrite_module affecting NGINX Plus/Open versions 0.6.27–1.30.0. The flaw can crash worker processes or, if ASLR is disabled, allow unauthenticated remote code execution. Exploitation requires a specific configuration and attacker knowledge, and applying the F5 fixes is urged as the defense. VulnCheck also notes exploitation of openDCIM flaws (CVE-2026-28515, CVE-2026-28517, CVE-2026-28516) that can be chained to achieve remote code execution, with observed activity from a Chinese IP address using a Vulnhuntr-based tool to drop a PHP web shell.