Skip to content
The Nexus
DossierENTITY

NGINX

Coverage of NGINX in the Nexus archive.

Earliest in view: Apr 15 · 12:56 UTCMost recent: Jun 4 · 19:08 UTC
Co-mentioned in this coverage
Recent coverage
  • SECURITYJun 4 · 19:08 UTCTHE REGISTER
    OpenAI's agent chained decade-old DoS attacks to crash web servers in seconds

    OpenAI's Codex agent discovered a new denial-of-service (DoS) attack named HTTP/2 Bomb, which combines two decade-old techniques to crash vulnerable web servers in seconds. The exploit affects default HTTP/2 configurations on servers like nginx, Apache, and Microsoft IIS, with some vendors having released patches while others dispute the findings.

  • SECURITYJun 3 · 08:33 UTCTHE HACKER NEWS
    New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare

    Cybersecurity researchers discovered a remote denial-of-service vulnerability, HTTP/2 Bomb, affecting major web servers including NGINX, Apache, IIS, Envoy, and Cloudflare. The exploit exists in default HTTP/2 configurations and was found by OpenAI Codex through chaining.

  • SECURITYMay 18 · 13:02 UTCTHE REGISTER
    NGINX Rift attackers waste no time targeting exposed servers

    A newly disclosed NGINX bug, dubbed 'NGINX Rift', is being actively exploited by attackers, with over 5.7 million internet-exposed servers potentially vulnerable. The bug, assigned a CVSS score of 9.2, can cause a crashed worker process and forced restart, and potentially allow code execution in certain configurations. Researchers are seeing active exploitation attempts just days after the CVE was published.

  • SECURITYMay 17 · 11:57 UTCTHE HACKER NEWS
    NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE

    A security flaw in NGINX Plus and NGINX Open is being actively exploited, causing worker crashes and possible remote code execution. The vulnerability, tracked as CVE-2026-42945, has a CVSS score of 9.2 and affects NGINX versions 0.6.27 through 1.30.0. The exploitation was reported by VulnCheck and depthfirst.

  • SECURITYMay 14 · 17:17 UTCHACKER NEWS
    New Nginx Exploit

    A new exploit has been discovered for Nginx, a popular web server software, with details and comments available on GitHub and Y Combinator news. The exploit is outlined in a repository on GitHub. Discussions are ongoing with 24 comments and 79 points.

  • SECURITYMay 14 · 15:43 UTCBLEEPING COMPUTER
    18-year-old NGINX vulnerability allows DoS, potential RCE

    An 18-year-old vulnerability in NGINX allows denial of service and potential remote code execution under certain conditions. The flaw was discovered using an autonomous scanning system. This vulnerability can be exploited for malicious purposes.

  • TECHNOLOGYApr 20 · 15:22 UTCHACKER NEWS
    I prompted ChatGPT, Claude, Perplexity, and Gemini and watched my Nginx logs

    The author tested AI models like ChatGPT, Claude, Perplexity, and Gemini by monitoring Nginx logs to analyze AI-generated traffic versus referral traffic. The article, hosted on surfacedby.com, received 42 points and 3 comments on Hacker News.

  • SECURITYApr 15 · 12:56 UTCTHE HACKER NEWS
    Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover

    A critical authentication bypass vulnerability (CVE-2026-33032) in nginx-ui, a web-based Nginx management tool, is being actively exploited to enable full server takeover. The flaw, named MCPwn by Pluto Security, carries a CVSS score of 9.8, indicating severe risk.

NGINX · Dossier · The Nexus