NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE
Summary
A critical heap buffer overflow vulnerability, CVE-2026-42945, affecting NGINX Plus and NGINX Open Source, has been actively exploited in the wild shortly after its public disclosure. The flaw, which has a CVSS score of 9.2, can lead to worker crashes and potentially remote code execution.
IFF Assessment
This vulnerability allows attackers to crash NGINX services and potentially gain remote code execution, posing a significant threat to infrastructure availability and security.
Severity
The high CVSS score of 9.2 is attributed to the nature of the vulnerability (heap buffer overflow), its active exploitation in the wild, and the potential for remote code execution.
Defender Context
This active exploitation of a critical NGINX vulnerability necessitates immediate patching and heightened monitoring for suspicious activity related to NGINX services. Defenders should prioritize applying the relevant security updates to prevent worker crashes and potential RCE attacks.
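One way to monitor for the worker-crash symptom described above is to watch the NGINX error log for workers killed by memory-fault signals. The following is an added example, not code from the original page or from the NGINX project. It assumes the default `error.log` line format and Linux signal numbers; the function names, threshold and time window are illustrative choices, and a match indicates abnormal worker exits in general, not this CVE specifically.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# The NGINX master process logs abnormal worker exits at [alert] level.
WORKER_EXIT = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[alert\] \d+#\d+: "
    r"worker process (?P<pid>\d+) exited on signal (?P<sig>\d+)"
    r"(?P<core> \(core dumped\))?"
)
# Linux signals typical of memory corruption: SIGABRT(6), SIGBUS(7), SIGSEGV(11).
CRASH_SIGNALS = {6, 7, 11}

def parse_crashes(lines):
    """Yield (timestamp, pid, signal, core_dumped) for crash-type worker exits."""
    for line in lines:
        m = WORKER_EXIT.match(line)
        if m and int(m["sig"]) in CRASH_SIGNALS:
            ts = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S")
            yield ts, int(m["pid"]), int(m["sig"]), m["core"] is not None

def crash_bursts(lines, threshold=3, window=timedelta(minutes=5)):
    """Return timestamps at which >= threshold crashes fell inside the window."""
    recent, alerts = deque(), []
    for ts, *_ in parse_crashes(lines):
        recent.append(ts)
        while ts - recent[0] > window:   # drop crashes older than the window
            recent.popleft()
        if len(recent) >= threshold:
            alerts.append(ts)
    return alerts

# Constructed sample log lines (not taken from a real incident).
SAMPLE = """\
2026/01/01 10:00:01 [notice] 900#900: signal 17 (SIGCHLD) received from 1201
2026/01/01 10:00:01 [alert] 900#900: worker process 1201 exited on signal 11 (core dumped)
2026/01/01 10:01:30 [alert] 900#900: worker process 1207 exited on signal 11
2026/01/01 10:02:10 [error] 1210#1210: *42 open() "/var/www/x" failed (2: No such file or directory)
2026/01/01 10:03:45 [alert] 900#900: worker process 1210 exited on signal 11 (core dumped)
2026/01/01 11:30:00 [alert] 900#900: worker process 1215 exited on signal 15
""".splitlines()

if __name__ == "__main__":
    for ts in crash_bursts(SAMPLE):
        print("ALERT: repeated nginx worker crashes, latest at", ts)
```

A single crash can be benign, so the check alerts only on a burst; correlating the alert timestamps with access-log entries from the same seconds helps identify the requests that preceded each crash.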