NGINX Heap Buffer Overflow in Rewrite Module Sparks RCE Concern — CVE-2026-42945 Details Surface

A critical heap buffer overflow vulnerability has been identified in NGINX's rewrite module, bearing the designation CVE-2026-42945. The flaw enables potential remote code execution (RCE) and traces its roots to a vulnerability that has existed unpatched for approximately 18 years. Security researchers have published a detailed writeup along with a proof-of-concept (PoC) exploit, significantly lowering the barrier for threat actors to leverage this weakness in targeted attacks.

The vulnerability resides specifically within the rewrite module of NGINX, a web server and reverse proxy widely deployed across global internet infrastructure. Researchers investigating the flaw have documented their findings under the project name "nginx-rift," detailing the technical pathway that allows an attacker to achieve RCE through the long-standing weakness. The 18-year timeline between the original flaw's emergence and the current PoC availability raises concerns about the exposure window and the potential number of unpatched systems still in operation.

Organizations running NGINX instances should prioritize assessing their exposure to this vulnerability, particularly those operating in high-signal environments where internet-facing assets are critical. The publication of a working PoC typically accelerates exploitation attempts in the wild, as it provides a practical toolkit for actors of varying skill levels. Patch management, traffic monitoring for indicators of rewrite module exploitation, and review of NGINX configuration hardening best practices represent immediate defensive priorities.