NGINX CVE-2026-42945 Actively Exploited - Critical RCE Risk
A critical heap buffer overflow vulnerability in NGINX's ngx_http_rewrite_module, tracked as CVE-2026-42945 with a CVSS score of 9.2, is now under active exploitation mere days after its public disclosure. The flaw, introduced in 2008, affects NGINX Plus and NGINX Open Source versions ranging from 0.6.27 through 1.30.0. According to VulnCheck, threat actors have already begun weaponizing the vulnerability, with exploitation attempts detected against honeypot networks. Organizations can use a port scanner to identify exposed NGINX instances that may be vulnerable to this attack vector.
The vulnerability permits unauthenticated attackers to crash worker processes via crafted HTTP requests, creating a denial-of-service condition. Remote code execution is theoretically possible but requires specific conditions: a vulnerable NGINX configuration must be present, and Address Space Layout Randomization (ASLR) must be disabled on the target system. Security researcher Kevin Beaumont noted that reliable exploitation demands knowledge or discovery of the specific configuration. AlmaLinux maintainers confirmed that while turning the heap overflow into reliable code execution is not trivial with default settings and ASLR enabled, the worker-crash DoS vector is exploitable enough to warrant urgent attention. Organizations should verify their server configurations and consider running an SSL/TLS checker as part of their broader security assessment.
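The two facts a defender needs to prioritize hosts against this advisory are the NGINX version (is it inside the 0.6.27 through 1.30.0 range named above?) and whether ASLR is on. The following triage helper is an added example, not code from this article, F5, VulnCheck or AlmaLinux. It assumes only the affected range stated above; because the article names no fixed release, a version outside the range is reported as "outside the stated range", never as "patched". The ASLR check reads the standard Linux sysctl file /proc/sys/kernel/randomize_va_space (0 = off, 1 or 2 = on); the sample banners in the main block are constructed.

```python
"""Triage helper for CVE-2026-42945 exposure: version range + ASLR state.

Added example, not from the original article or the NGINX project.
Assumes the affected range 0.6.27..1.30.0 stated in the advisory.
"""
import re
import subprocess
from typing import Optional, Tuple

# Affected range as stated in the advisory (inclusive on both ends).
AFFECTED_MIN = (0, 6, 27)
AFFECTED_MAX = (1, 30, 0)

# Matches "nginx/1.24.0" as printed by `nginx -v` or sent in a Server header.
VERSION_RE = re.compile(r"nginx/(\d+)\.(\d+)\.(\d+)")


def parse_nginx_version(banner: str) -> Optional[Tuple[int, int, int]]:
    """Extract (major, minor, patch) from a banner; None if the version is hidden
    (for example when server_tokens is off and the header reads just 'nginx')."""
    m = VERSION_RE.search(banner)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def in_affected_range(version: Tuple[int, int, int]) -> bool:
    """True when the version lies within the advisory's stated range."""
    return AFFECTED_MIN <= version <= AFFECTED_MAX


def aslr_state(setting: str) -> str:
    """Interpret /proc/sys/kernel/randomize_va_space: 0 = off, 1 or 2 = on."""
    s = setting.strip()
    if s in ("1", "2"):
        return "on"
    if s == "0":
        return "off"
    return "unknown"


def assess(banner: str, aslr_setting: str) -> str:
    """Combine both checks into a short verdict a responder can sort hosts by."""
    version = parse_nginx_version(banner)
    if version is None:
        return "version unknown: run 'nginx -v' on the host directly"
    label = "%d.%d.%d" % version
    if not in_affected_range(version):
        return "version %s outside the stated affected range" % label
    state = aslr_state(aslr_setting)
    if state == "off":
        return "version %s affected and ASLR off: highest priority" % label
    if state == "on":
        return ("version %s affected: worker-crash DoS exposure; ASLR on makes "
                "code execution harder, patch anyway" % label)
    return "version %s affected; ASLR state unknown: verify randomize_va_space" % label


def local_assessment() -> str:
    """Run the checks on the current Linux host (nginx -v prints to stderr)."""
    try:
        proc = subprocess.run(["nginx", "-v"], capture_output=True, text=True)
        banner = proc.stderr + proc.stdout
    except FileNotFoundError:
        banner = ""  # nginx binary not on PATH: verdict will be 'version unknown'
    try:
        with open("/proc/sys/kernel/randomize_va_space") as f:
            aslr = f.read()
    except OSError:
        aslr = "unknown"  # not Linux, or file unreadable
    return assess(banner, aslr)


if __name__ == "__main__":
    # Constructed sample inputs for an offline demonstration.
    print(assess("nginx version: nginx/1.24.0", "2"))
    print(assess("Server: nginx/1.30.0", "0"))
    print(assess("Server: nginx", "2"))
    print(local_assessment())
```

Feed `assess()` the `Server` header captured from your own inventory scans, or run `local_assessment()` on each host; a hidden version string is deliberately reported as unknown rather than as safe, since `server_tokens off` changes nothing about the underlying binary.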
Simultaneously, VulnCheck researcher Val discovered critical vulnerabilities in openDCIM, an open-source data center infrastructure management application. Two flaws rated 9.3 on the CVSS scale are being actively targeted: CVE-2026-28515, a missing authorization vulnerability allowing authenticated users to modify LDAP configuration regardless of privileges, and CVE-2026-28517, an OS command injection in report_network_map.php where the 'dot' parameter is passed unsanitized to shell commands. These flaws join CVE-2026-28516, an SQL injection vulnerability also rated 9.3. Users are strongly advised to apply patches from F5 for NGINX and review openDCIM security advisories immediately. A comprehensive privacy checkup can help identify exposed services and potential attack surfaces.