NGINX
Coverage of NGINX in the Nexus archive.
- OpenAI's agent chained decade-old DoS attacks to crash web servers in seconds
OpenAI's Codex agent discovered a new denial-of-service (DoS) attack named HTTP/2 Bomb, which combines two decade-old techniques to crash vulnerable web servers in seconds. The exploit affects default HTTP/2 configurations on servers like nginx, Apache, and Microsoft IIS, with some vendors having released patches while others dispute the findings.
- New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare
Cybersecurity researchers discovered a remote denial-of-service vulnerability, HTTP/2 Bomb, affecting major web servers including NGINX, Apache, IIS, Envoy, and Cloudflare. The exploit exists in default HTTP/2 configurations and was found by OpenAI Codex through chaining.
- NGINX Rift attackers waste no time targeting exposed servers
A newly disclosed NGINX bug, dubbed 'NGINX Rift', is being actively exploited by attackers, with over 5.7 million internet-exposed servers potentially vulnerable. The bug, assigned a CVSS score of 9.2, can cause a crashed worker process and forced restart, and potentially allow code execution in certain configurations. Researchers are seeing active exploitation attempts just days after the CVE was published.
- NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE
A security flaw in NGINX Plus and NGINX Open is being actively exploited, causing worker crashes and possible remote code execution. The vulnerability, tracked as CVE-2026-42945, has a CVSS score of 9.2 and affects NGINX versions 0.6.27 through 1.30.0. The exploitation was reported by VulnCheck and depthfirst.
- New Nginx Exploit
A new exploit has been discovered for Nginx, a popular web server software, with details and comments available on GitHub and Y Combinator news. The exploit is outlined in a repository on GitHub. Discussions are ongoing with 24 comments and 79 points.
- 18-year-old NGINX vulnerability allows DoS, potential RCE
An 18-year-old vulnerability in NGINX allows denial of service and potential remote code execution under certain conditions. The flaw was discovered using an autonomous scanning system. This vulnerability can be exploited for malicious purposes.
- I prompted ChatGPT, Claude, Perplexity, and Gemini and watched my Nginx logs
The author tested AI models like ChatGPT, Claude, Perplexity, and Gemini by monitoring Nginx logs to analyze AI-generated traffic versus referral traffic. The article, hosted on surfacedby.com, received 42 points and 3 comments on Hacker News.
- Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover
A critical authentication bypass vulnerability (CVE-2026-33032) in nginx-ui, a web-based Nginx management tool, is being actively exploited to enable full server takeover. The flaw, named MCPwn by Pluto Security, carries a CVSS score of 9.8, indicating severe risk.