Product

NGINX Plus

4 briefs RSS

Nginx Vulnerability Leading to Remote Code Execution and Denial of Service

A vulnerability in Nginx allows a remote attacker to execute arbitrary code and cause a denial-of-service condition, affecting Nginx Open Source versions 1.x before 1.30.2, versions after 1.31.0 before 1.31.1, Nginx Plus versions 37.x before 37.0.1.1, and versions Rx before R36 P5 or R32 P7.

NGINX Open Source +1 nginx rce dos CVE-2026-9256 webserver

2r 2t 3w ago

high threat

NGINX Open Source and NGINX Plus Vulnerability Allows Denial of Service and Potential Code Execution

2 rules 1 TTP

A remote, anonymous attacker can exploit a vulnerability in NGINX Open Source and NGINX Plus to perform a denial-of-service attack and potentially execute arbitrary code.

NGINX Open Source +1 nginx denial-of-service code-execution

2r 1t 3w ago

critical advisory

Multiple Vulnerabilities in NGINX Open Source and NGINX Plus

2 rules 8 TTPs

Multiple vulnerabilities in NGINX Open Source and NGINX Plus allow a remote, anonymous attacker to bypass security measures, execute arbitrary code, manipulate data, disclose confidential information, or cause a denial-of-service condition.

nginx open source +1 nginx vulnerability webserver

2r 8t May 18, 2026

high threat

CVE-2026-42945: NGINX ngx_http_rewrite_module Heap Buffer Overflow

2 rules 3 TTPs 1 CVE

NGINX Plus and NGINX Open Source are vulnerable to a heap buffer overflow (CVE-2026-42945) due to crafted HTTP requests when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed PCRE capture with a replacement string that includes a question mark, potentially leading to denial of service or code execution.

NGINX Plus +1 cve CVE-2026-42945 nginx heap overflow denial of service webserver

2r 3t 1c May 13, 2026