Critical Heap Buffer Overflow in NGINX (CVE‑2026‑42945) Enables Remote Code Execution
What It Is — A heap‑buffer overflow in the ngx_http_rewrite_module of NGINX Open Source and NGINX Plus lets an attacker corrupt worker‑process memory, crash worker processes, and potentially achieve remote code execution (RCE).
Exploitability — Public exploit code has been observed in the wild within days of disclosure; CVSS v3.1 base score 9.2 (Critical).
Affected Products — NGINX versions 0.6.27 through 1.30.0 (both NGINX Plus commercial and open‑source builds).
TPRM Impact — NGINX underpins web applications, API gateways, and CDN edge nodes for thousands of SaaS and cloud‑infrastructure providers. A compromised upstream NGINX instance can be used to pivot into downstream services, exfiltrate data, or disrupt critical business functions across the supply chain.
Recommended Actions
- Immediately apply the vendor‑released patches (NGINX 1.30.1+ or the corresponding Plus update).
- Review and harden any custom rewrite rules, and minimize the untrusted request input (URI, query arguments, headers) that they operate on.
- Deploy Web Application Firewall (WAF) signatures that detect the known exploit payloads.
- Conduct a rapid asset inventory to confirm that all internet‑facing NGINX instances are patched; note that distribution packages with backported fixes may still report an old version string, so check the package changelog rather than relying on the banner alone.
- For legacy environments that cannot be patched, consider temporary mitigations: rebuild NGINX without ngx_http_rewrite_module (the module is compiled in by default and can only be removed at build time with the --without-http_rewrite_module configure option), or block suspicious request patterns at the edge.
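The asset‑inventory step above comes down to collecting a version banner from every NGINX instance and comparing it against the affected range stated in this advisory (0.6.27 through 1.30.0 affected, 1.30.1 and later fixed). The following is an added example, not code from the advisory or from NGINX, that parses the two banner forms operators usually have on hand (the stderr output of nginx -v and an HTTP Server response header) and triages a list of hosts. The host names and banners are constructed sample data. It assumes that an NGINX Plus build can be judged by the open‑source version number embedded in its banner; Plus releases are numbered separately (R‑numbers), so confirm Plus hosts against the vendor's own Plus advisory.

```python
import re
from typing import Dict, Iterable, Optional, Tuple

Version = Tuple[int, int, int]

# Range taken from this advisory: 0.6.27 through 1.30.0 affected, 1.30.1+ fixed.
FIRST_AFFECTED: Version = (0, 6, 27)
FIRST_FIXED: Version = (1, 30, 1)

# Matches "nginx version: nginx/1.24.0" (nginx -v) as well as "Server: nginx/1.24.0".
# An optional parenthesised build tag such as "(nginx-plus-r33)" is captured separately.
_VERSION_RE = re.compile(r"nginx/(\d+)\.(\d+)\.(\d+)(?:\s*\(([^)]*)\))?")


def parse_version(banner: str) -> Optional[Tuple[Version, str]]:
    """Return ((major, minor, patch), build_tag) or None if no nginx/x.y.z is present."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    version = (int(m.group(1)), int(m.group(2)), int(m.group(3)))
    return version, (m.group(4) or "")


def is_affected(version: Version) -> bool:
    """Tuple comparison gives correct numeric ordering (1.9.x < 1.10.x)."""
    return FIRST_AFFECTED <= version < FIRST_FIXED


def classify(banner: str) -> str:
    """One of: vulnerable, patched, unaffected (older than the range), unknown."""
    parsed = parse_version(banner)
    if parsed is None:
        # e.g. "Server: nginx" with server_tokens off; version must be checked on the host.
        return "unknown"
    version, _tag = parsed
    if is_affected(version):
        return "vulnerable"
    return "patched" if version >= FIRST_FIXED else "unaffected"


def triage(inventory: Iterable[Tuple[str, str]]) -> Dict[str, str]:
    """Map each (host, banner) pair to its status."""
    return {host: classify(banner) for host, banner in inventory}


# Constructed sample inventory (hypothetical hosts); banners mimic real formats.
SAMPLE_INVENTORY = [
    ("web-01.example.internal", "nginx version: nginx/1.24.0"),
    ("web-02.example.internal", "Server: nginx/1.30.1"),
    ("api-gw.example.internal", "nginx version: nginx/1.30.0 (nginx-plus-r33)"),
    ("edge-03.example.internal", "Server: nginx"),  # server_tokens off hides the version
    ("legacy.example.internal", "nginx version: nginx/0.6.26"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:28s} {status}")
```

Hosts that come back "unknown" still need a local check (nginx -v on the box, or the package manager's version) before they can be marked patched; a banner comparison is a fast first pass, not proof of patch status.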
Source: The Hacker News