A critical vulnerability in NGINX, identified as CVE-2026-42945, is being actively exploited, enabling attackers to crash systems or potentially execute code via malicious HTTP requests. This flaw, which affects both NGINX Plus and NGINX Open Source, has a CVSS v4 score of 9.2, indicating a high level of severity. According to VulnCheck, active exploitation of this vulnerability has been observed in F5 NGINX, with heap buffer overflow attacks targeting vulnerable systems just days after the CVE was published [1]. The rapid exploitation of this flaw underscores the importance of prompt patching and mitigation. As a result, practitioners should prioritize vulnerability remediation based on their exposure and evidence of exploitation. The active exploitation of CVE-2026-42945 expands the attack surface, making it essential for organizations to take immediate action to protect their systems.
Experts warn of active exploitation of critical NGINX flaw CVE-2026-42945
Why This Matters
CVE-2026-42945 disclosure expands the active attack surface — prioritize based on your exposure and exploitation evidence.
References
- SecurityAffairs. (2026, May 18). Experts warn of active exploitation of critical NGINX flaw CVE-2026-42945. SecurityAffairs. https://securityaffairs.com/192289/hacking/experts-warn-of-active-exploitation-of-critical-nginx-flaw-cve-2026-42945.html