top of page
ALL POSTS
NGINX CVE-2026-42945 Worker Crash Vulnerability Exploited in the Wild with Potential RCE
Key Findings NGINX vulnerability CVE-2026-42945 (CVSS 9.2) is actively exploited in the wild days after public disclosure Heap buffer overflow in ngx_http_rewrite_module affects NGINX versions 0.6.27 through 1.30.0 Flaw can crash worker processes or enable remote code execution on systems with ASLR disabled Exploitation requires specific NGINX configuration knowledge and crafted HTTP requests VulnCheck detected weaponized exploitation attempts against honeypot networks Two cr
May 172 min read
Nginx UI Vulnerability: CVE-2026-27944 Exposes Server Backups
Key Findings A critical vulnerability in Nginx UI, tracked as CVE-2026-27944, allows attackers to download and decrypt full server backups without authentication. The vulnerability stems from two major flaws: the /api/backup endpoint lacks authentication, and the server exposes the AES-256 encryption key and IV in an HTTP response header. Exploitation of the vulnerability could have serious consequences as a full Nginx UI backup contains large amounts of sensitive operational
Mar 82 min read
bottom of page
