Dossier
NGINX Plus
Coverage of NGINX Plus in the Nexus archive.
- NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE
A security flaw in NGINX Plus and NGINX Open is being actively exploited, causing worker crashes and possible remote code execution. The vulnerability, tracked as CVE-2026-42945, has a CVSS score of 9.2 and affects NGINX versions 0.6.27 through 1.30.0. The exploitation was reported by VulnCheck and depthfirst.
- 18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE
Cybersecurity researchers discovered multiple security vulnerabilities in NGINX Plus and NGINX Open, including a critical 18-year-old flaw that allows unauthenticated remote code execution. The vulnerability is a heap buffer overflow issue impacting ngx_http_rewrite_module with a CVSS v4 score of 9.2. This flaw could enable attackers to achieve remote code execution or cause crashes.