Hackers Actively Exploiting Critical NGINX RCE Vulnerability in the Wild
Security researcher Patrick Garrity from VulnCheck revealed that threat actors are actively targeting CVE-2026-42945, a heap buffer overflow flaw affecting both NGINX Open Source and NGINX Plus.
The vulnerability has quickly moved from disclosure to exploitation, highlighting how rapidly attackers weaponize newly published flaws. According to VulnCheck's Initial Access team, the vulnerability allows an unauthenticated attacker to crash NGINX worker processes by sending specially crafted HTTP requests.
An important limitation is that exploitation requires a specific NGINX rewrite configuration. This means not every exposed NGINX server is vulnerable, which reduces the overall attack surface. Still, the scale of potential exposure remains significant.
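Because the article says only that exploitation depends on a specific rewrite configuration, without naming it, a defender's first triage step is to find out which of their NGINX hosts use `rewrite` directives at all and prioritise those for patching. The script below is an added example written for this article, not VulnCheck's or the NGINX project's code: it tokenises an nginx configuration (as produced by `nginx -T` or read from disk) and lists every `rewrite` directive with the block context it sits in. The embedded configuration is constructed for illustration; the host name and paths in it are hypothetical.

```python
"""Inventory `rewrite` directives in an nginx configuration.

Added triage helper: the advisory text only states that exploitation needs a
specific rewrite configuration, not which one, so every rewrite directive is
reported so an operator can review it and prioritise patching.
"""
import re
from typing import List, Tuple

# Constructed sample configuration (hypothetical host and paths), not taken
# from any real deployment.
SAMPLE_CONFIG = r"""
http {
    server {
        listen 80;
        server_name example.test;   # hypothetical host
        location /old/ {
            rewrite ^/old/(.*)$ /new/$1 permanent;
        }
        location /static/ {
            root /var/www;
        }
    }
    server {
        listen 8080;
        rewrite ^/(.*)\.html$ /$1 last;
    }
}
"""

# nginx config lexer: comments, quoted arguments, block/statement delimiters,
# and bare words. Quoted arguments may legitimately contain ';' or braces.
_TOKEN_RE = re.compile(
    r'#[^\n]*'              # comment to end of line
    r'|"(?:\\.|[^"\\])*"'   # double-quoted argument
    r"|'(?:\\.|[^'\\])*'"   # single-quoted argument
    r'|[{};]'               # block and statement delimiters
    r'|[^\s{};"\']+'        # bare word
)


def find_rewrites(config_text: str) -> List[Tuple[str, str]]:
    """Return (context, directive) pairs for every rewrite directive.

    context reads like 'http > server > location /old/' so the operator can
    see exactly which block the directive belongs to.
    """
    stack: List[str] = []                 # enclosing block headers
    found: List[Tuple[str, str]] = []
    current: List[str] = []               # tokens of the statement being built
    for tok in _TOKEN_RE.findall(config_text):
        if tok.startswith("#"):
            continue                      # drop comments
        if tok == "{":
            # `current` holds the block header, e.g. ['location', '/old/']
            stack.append(" ".join(current))
            current = []
        elif tok == "}":
            if stack:
                stack.pop()
            current = []
        elif tok == ";":
            if current and current[0] == "rewrite":
                found.append((" > ".join(stack), " ".join(current)))
            current = []
        else:
            current.append(tok)
    return found


def needs_review(config_text: str) -> bool:
    """True when the configuration uses rewrite at all (prioritise this host)."""
    return bool(find_rewrites(config_text))


if __name__ == "__main__":
    for context, directive in find_rewrites(SAMPLE_CONFIG):
        print(f"[{context}] {directive}")
    print("needs review:", needs_review(SAMPLE_CONFIG))
```

Run it against `nginx -T` output on each host (for example `nginx -T 2>/dev/null | python3 triage.py` after replacing `SAMPLE_CONFIG` with `sys.stdin.read()`); a host with no rewrite directives is not exempt from patching, but the ones that do use them belong at the front of the queue.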
In a LinkedIn post, VulnCheck researcher Patrick Garrity said Censys data indicates around 5.7 million internet-facing NGINX servers could be running vulnerable versions.
Organizations that delay patching even for a few days may already be at risk. As threat actors continue to automate scanning and exploitation, proactive vulnerability management remains one of the most effective defenses against emerging cyber threats.