18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE
Score pertinence: 100/100
Cybersecurity researchers have disclosed multiple security vulnerabilities impacting NGINX Plus and NGINX Open, including a critical flaw that remained undetected for 18 years.
The vulnerability, discovered by depthfirst, is a heap buffer overflow issue impacting ngx_http_rewrite_module (CVE-2026-42945, CVSS v4 score: 9.2) that could allow an attacker to achieve remote code execution or cause a
Source: Flux RSS
![[Cybersécurité] 18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE](https://cyber.kiminox.net/wp-content/uploads/2024/10/cybersecurity_img2-900x900.png)