THREATNOIR
Subscribe
Back to Feed
Zero-dayMay 14, 2026

‼️ CVE-2026-42945: RCE Proof of concept for CVE-2026-42945, a critical heap buffer overflow in NG...

CVE-2026-42945: Critical heap buffer overflow RCE PoC released for NGINX ngx_http_rewrite_module

Read at source

Summary

A critical remote code execution vulnerability (CVE-2026-42945) in NGINX's ngx_http_rewrite_module has been publicly disclosed with proof-of-concept code. The heap buffer overflow flaw was introduced in 2008 and affects the module's rewrite functionality, allowing unauthenticated attackers to execute arbitrary code on vulnerable systems.

Indicators of Compromise

  • cve — CVE-2026-42945
  • url — https://github.com

Entities

NGINX (product)ngx_http_rewrite_module (product)NGINX Inc. (vendor)