威易网

超 254 万中国网站受影响!Nginx 高危 RCE 漏洞(CVE-2026-42945)已潜伏 18 年

2026 年 5 月 13 日,F5 和安全研究员 depthfirst 公布了一个 Nginx ngx_http_rewrite_module 模块中的堆缓冲区溢出漏洞,编号 CVE-2026-42945,被命名为"NGINX Rift"。攻击者只需发送一个精心构造的 HTTP 请求,就能在未认证的情况下执行任意代码或导致服务崩溃。 这个漏洞为什么值得关注 Nginx 是全球使用最广泛的反向代理 ...

18-year-old NGINX vulnerability allows DoS, potential RCE

An 18-year-old flaw in the NGINX open-source web server, discovered using an autonomous scanning system, can be exploited for ...
Security Boulevard

Three CVEs and the May 2026 Exploit Chain Nobody’s Taking Seriously

May 2026 dropped three critical Linux vulnerabilities on a near-weekly cadence, and the security discourse has mostly treated them as three separate bad days. They’re not. Together they form a ...
CSOonline

AI agent finds 18-year-old remote code execution flaw in Nginx

An LLM-powered system found 4 security bugs, including a critical one in the web server’s URL rewrite module. Researchers have found a critical vulnerability in the widely used Nginx web server that ...