A newly disclosed NGINX Plus and NGINX Open flaw, CVE-2026-42945, is already being actively exploited in the wild, with attackers attempting to weaponize a heap buffer overflow that can crash worker processes and, in some cases, enable remote code execution. VulnCheck also reported active exploitation against multiple openDCIM flaws that can be chained for remote code execution, with attack activity linked to a single Chinese IP and the use of a customized Vulnhuntr-based discovery tool. #CVE-2026-42945 #NGINX #openDCIM #CVE-2026-28515 #CVE-2026-28517 #CVE-2026-28516 #VulnCheck #Vulnhuntr
Keypoints
- CVE-2026-42945 is a critical heap buffer overflow in NGINXβs ngx_http_rewrite_module.
- The flaw affects NGINX versions 0.6.27 through 1.30.0 and may crash worker processes.
- Remote code execution is possible only when ASLR is disabled and specific NGINX conditions are met.
- VulnCheck detected active exploitation attempts against openDCIM vulnerabilities in honeypot networks.
- The openDCIM flaws can be chained to achieve remote code execution and may involve a customized Vulnhuntr-based tool.
Read More: https://thehackernews.com/2026/05/nginx-cve-2026-42945-exploited-in-wild.html