2026 年 5 月 13 日，F5 和安全研究员 depthfirst 公布了一个 Nginx ngx_http_rewrite_module 模块中的堆缓冲区溢出漏洞，编号 CVE-2026-42945，被命名为"NGINX Rift"。攻击者只需发送一个精心构造的 HTTP 请求，就能在未认证的情况下执行任意代码或导致服务崩溃。 这个漏洞为什么值得关注 Nginx 是全球使用最广泛的反向代理 ...

Exploit attempts are already hammering a newly disclosed NGINX bug dubbed "NGINX Rift," proving once again that attackers ...

Depthfirst has published technical details and proof-of-concept (PoC) exploit code targeting a critical NGINX vulnerability.

An 18-year-old flaw in the NGINX open-source web server, discovered using an autonomous scanning system, can be exploited for ...

NGINX Rift CVE-2026-42945 scores 9.2 after 18 years, enabling unauthenticated RCE or DoS via crafted HTTP requests.

May 2026 dropped three critical Linux vulnerabilities on a near-weekly cadence, and the security discourse has mostly treated them as three separate bad days. They’re not. Together they form a ...

An LLM-powered system found 4 security bugs, including a critical one in the web server’s URL rewrite module. Researchers have found a critical vulnerability in the widely used Nginx web server that ...