SITREP: A critical security vulnerability, CVE-2026-42945, affecting NGINX Plus and NGINX Open has been actively exploited, leading to worker crashes and potential remote code execution (RCE). The flaw, a heap buffer overflow in the ngx_http_rewrite_module, impacts versions 0.6.27 through 1.30.0.

TACTICAL ASSESSMENT: The exploitation of this vulnerability poses significant risks to organizations using affected NGINX versions, potentially leading to unauthorized access and system compromise. This incident highlights the urgency for timely patching and vulnerability management in critical infrastructure.

PROJECTED VECTORS: Further exploitation attempts are likely as attackers seek to leverage this vulnerability for broader access to systems.
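TRIAGE EXAMPLE: The script below is an added example, not part of the original report or of any NGINX tooling. It sorts an inventory of NGINX version banners against the affected range stated above (0.6.27 through 1.30.0). The host names and banners are constructed sample data, and the function names are hypothetical.

```python
import re

# Affected range as stated in this report: 0.6.27 through 1.30.0, inclusive.
AFFECTED_MIN = (0, 6, 27)
AFFECTED_MAX = (1, 30, 0)

# Matches "nginx/1.24.0" in `nginx -v` output or in an HTTP Server header.
BANNER_RE = re.compile(r"nginx/(\d+)\.(\d+)\.(\d+)")


def classify(banner):
    """Return 'in-range', 'out-of-range' or 'unknown' for one banner string."""
    m = BANNER_RE.search(banner)
    if not m:
        # No version in the banner (for example server_tokens off):
        # the host needs a manual check rather than a pass.
        return "unknown"
    version = tuple(int(part) for part in m.groups())
    if AFFECTED_MIN <= version <= AFFECTED_MAX:
        return "in-range"
    return "out-of-range"


def triage(inventory):
    """Group hosts by status; inventory maps host name -> banner string."""
    report = {"in-range": [], "out-of-range": [], "unknown": []}
    for host, banner in sorted(inventory.items()):
        report[classify(banner)].append(host)
    return report


# Constructed sample inventory (host names and banners are made up).
SAMPLE = {
    "edge-01": "nginx version: nginx/1.24.0",
    "edge-02": "Server: nginx/1.18.0 (Ubuntu)",
    "edge-03": "nginx version: nginx/1.30.0",
    "edge-04": "nginx version: nginx/1.30.1",
    "legacy-01": "nginx version: nginx/0.6.26",
    "proxy-01": "Server: nginx",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

A version string is only a first filter: distribution packages can carry backported fixes without changing the upstream version number, so hosts reported as in-range or unknown should be confirmed against the vendor advisory and package changelog.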