ONE Sentinel

NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE

Source: The Hacker News
May 17, 2026
1 min read

EXECUTIVE SUMMARY

Critical NGINX Vulnerability CVE-2026-42945 Actively Exploited

Summary

A critical vulnerability in NGINX Plus and NGINX Open Source, tracked as CVE-2026-42945, is being actively exploited in the wild. The flaw is a heap buffer overflow: a triggering request crashes the worker process handling it, and the corruption can potentially be turned into remote code execution (RCE). It carries a CVSS score of 9.2.

Key Points

  • The vulnerability affects NGINX versions 0.6.27 through 1.30.0.
  • CVE-2026-42945 is a heap buffer overflow in ngx_http_rewrite_module. That module is compiled into NGINX by default, so a stock build is exposed unless it was configured with --without-http_rewrite_module.
  • Exploitation in the wild began shortly after public disclosure.
  • The CVSS score of 9.2 places the flaw in the Critical band (9.0 and above), not merely High.
  • VulnCheck reported the active exploitation.
  • The security company depthfirst has published an analysis of the nature of the flaw.

Analysis

The active exploitation of CVE-2026-42945 demands immediate attention from anyone operating NGINX, including NGINX used as a reverse proxy or ingress in front of other services. Even where an attacker only achieves the worker crash, NGINX restarts the worker and the attacker can repeat the request, so the denial-of-service impact is real on its own; the possible RCE is what drives the Critical rating. The short gap between disclosure and exploitation leaves little room for routine patch windows.

Conclusion

Operators should prioritise applying the vendor patch or mitigations for CVE-2026-42945. Practical first steps: confirm the running NGINX version and whether it falls in the affected range, check whether the rewrite module is compiled in, and review the error log for master-process alerts about worker processes exiting on a signal, which is the crash symptom described above. Note that distribution packages sometimes backport fixes without changing the upstream version number, so a version check is a triage signal to be confirmed against the distribution's own advisory, not a final verdict.
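The triage steps above, as an added example that is not part of the article or of the NGINX project. It is a POSIX sh helper that parses `nginx -V` output (which NGINX writes to stderr, hence `2>&1`), compares the version against the 0.6.27 through 1.30.0 range the summary gives, checks whether the build was configured with --without-http_rewrite_module, and counts worker-crash alerts in error-log text. The sample `nginx -V` output and log lines are constructed for illustration; the range bounds are taken from the summary and should be re-checked against the vendor advisory, since the summary does not state the fixed version.

```shell
#!/bin/sh
# Hypothetical triage helper for CVE-2026-42945 (example code, not from the
# article or the NGINX project). Range bounds are as stated in the summary.
AFFECTED_MIN="0.6.27"
AFFECTED_MAX="1.30.0"

# vercmp A B: prints -1, 0 or 1 for A<B, A=B, A>B on dot-separated numeric
# versions. Missing trailing components are treated as 0.
vercmp() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai=${a%%.*}; bi=${b%%.*}
        [ "$a" = "$ai" ] && a= || a=${a#*.}
        [ "$b" = "$bi" ] && b= || b=${b#*.}
        ai=${ai:-0}; bi=${bi:-0}
        if [ "$ai" -lt "$bi" ]; then echo -1; return; fi
        if [ "$ai" -gt "$bi" ]; then echo 1; return; fi
    done
    echo 0
}

# is_affected_version V: success when AFFECTED_MIN <= V <= AFFECTED_MAX.
is_affected_version() {
    [ "$(vercmp "$1" "$AFFECTED_MIN")" -ge 0 ] &&
    [ "$(vercmp "$1" "$AFFECTED_MAX")" -le 0 ]
}

# parse_nginx_version "<nginx -V output>": extracts the numeric version from
# the "nginx version: nginx/X.Y.Z" line (NGINX Plus prints the same form
# with a release suffix after the number).
parse_nginx_version() {
    printf '%s\n' "$1" | sed -n 's|^nginx version: nginx/\([0-9.]*\).*|\1|p'
}

# has_rewrite_module "<nginx -V output>": ngx_http_rewrite_module is built
# in by default; it is absent only if the configure arguments disabled it.
has_rewrite_module() {
    ! printf '%s\n' "$1" | grep -q -- '--without-http_rewrite_module'
}

# triage "<nginx -V output>": prints a verdict; exit 0 = looks exposed,
# 1 = not exposed by version/build, 2 = could not parse.
triage() {
    v=$(parse_nginx_version "$1")
    if [ -z "$v" ]; then echo "could not parse nginx version"; return 2; fi
    if is_affected_version "$v" && has_rewrite_module "$1"; then
        echo "nginx $v: in affected range, rewrite module built in; patch"
        return 0
    fi
    echo "nginx $v: not exposed by version/build (confirm against distro advisory)"
    return 1
}

# count_worker_crashes "<error.log text>": counts master-process alerts for
# workers killed by SIGSEGV (11) or SIGABRT (6). A non-zero count on an
# unpatched build is a triage signal, not proof of exploitation.
count_worker_crashes() {
    printf '%s\n' "$1" | grep -cE 'worker process [0-9]+ exited on signal (11|6)' || true
}

# Constructed sample of `nginx -V 2>&1` from a default-module build.
SAMPLE_V='nginx version: nginx/1.26.2
built by gcc 12.2.0 (Debian 12.2.0-14)
configure arguments: --prefix=/etc/nginx --with-http_ssl_module'

# Constructed error-log excerpt showing two worker crashes.
SAMPLE_LOG='2026/05/17 10:01:02 [notice] 100#0: start worker process 101
2026/05/17 10:02:15 [alert] 100#0: worker process 101 exited on signal 11 (core dumped)
2026/05/17 10:02:15 [notice] 100#0: start worker process 102
2026/05/17 10:02:16 [alert] 100#0: worker process 102 exited on signal 11 (core dumped)'

triage "$SAMPLE_V"
echo "worker crashes in sample log: $(count_worker_crashes "$SAMPLE_LOG")"

# Against the live binary, if one is installed on this host.
if command -v nginx >/dev/null 2>&1; then
    triage "$(nginx -V 2>&1)" || true
fi
```

Run it on each NGINX host (or feed it `nginx -V 2>&1` captured by your fleet tooling) and pair the verdict with the error-log count; a build that is in range and is also logging worker exits on signal 11 should be patched or taken off the edge first.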