The critical NGINX vulnerability CVE-2026-42945, dubbed NGINX Rift, is being actively exploited and allows for denial-of-service and potential remote code execution via a specially crafted HTTP request. It has a CVSS 3.1 score of 8.1 (HIGH).
A critical NGINX vulnerability (CVE-2026-42945) disclosed last week is being exploited by attackers, VulnCheck security researcher Patrick Garrity revealed on Saturday. The vulnerability, dubbed NGINX Rift, can be reliably exploited to trigger a denial-of-service condition and can potentially allow for unauthenticated remote code execution, all achievable by sending a specially crafted HTTP request to a vulnerable NGINX instance. What is NGINX? NGINX is the most widely deployed web server and, as such, itβs one of β¦ More β The post Attackers are exploiting critical NGINX vulnerability (CVE-2026-42945) appeared first on Help Net Security .