home.social

#nginxrift — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #nginxrift, aggregated by home.social.

  1. La faille CVE-2026-42945 nom de code « Nginx Rift » (note CVSS 9.2) a désormais sa page dédiée : depthfirst.com/nginx-rift
    Les paquets pour Debian 13/12/11 sont bien disponibles depuis quelques jours security-tracker.debian.org/tr (les paquets ELS devraient arriver prochainement) #nginxrift

  2. 📢⚠️ Hackers are actively exploiting the Nginx Rift vulnerability affecting NGINX and F5 products, exposing servers to denial-of-service attacks.

    Source: hackread.com/hackers-exploit-n

  3. 📢⚠️ Hackers are actively exploiting the Nginx Rift vulnerability affecting NGINX and F5 products, exposing servers to denial-of-service attacks.

    Source: hackread.com/hackers-exploit-n

    #CyberSecurity #NginxRift #Vulnerability #F4 #NGINX

  4. [Related]
    L'exploitation sur internet de CVE-2026-42945 aka NGINX RIFT depthfirst.com/nginx-rift aurait commencé selon VulnCheck
    ⬇️
    "Exploitation of Critical NGINX Vulnerability Begins"
    "The flaw leads to denial-of-service on default configurations and to remote code execution if ASLR is disabled.
    "
    "Shortly after F5 released patches for the bug, Depthfirst published technical details and proof-of-concept (PoC) code targeting it. Now, VulnCheck says threat actors are already exploiting the issue in attacks.

    “We’re seeing active exploitation of CVE-2026-42945 in F5 NGINX, a heap buffer overflow affecting both NGINX Plus and NGINX Open Source on VulnCheck Canaries just days after the CVE was published,” VulnCheck researcher Patrick Garrity warned. ( linkedin.com/posts/patrickmgar ) "
    👇
    securityweek.com/exploitation-

    #CyberVeille #NGINXRift

  5. 🚨 CVE-2026-42945 (NGINX Rift)

    NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, for systems with Address Space Layout Randomization (ASLR ) disabled, code execution is possible. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

    ℹ️ Additional info on ZEN SecDB secdb.nttzen.cloud/cve/detail/

    #nttdata #zen #secdb #infosec
    #nginxrift #cve202642945 #nginx

  6. 🚨 CVE-2026-42945 (NGINX Rift)

    NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, for systems with Address Space Layout Randomization (ASLR ) disabled, code execution is possible. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

    ℹ️ Additional info on ZEN SecDB secdb.nttzen.cloud/cve/detail/

    #nttdata #zen #secdb #infosec
    #nginxrift #cve202642945 #nginx

  7. I am not sure, but I think the Nginx Proxy Manager Addon of #HomeAssistant is affected by the #NGINXRift exploit. Am I correct?

  8. Qui ici attend la publication des paquets Debian pour #Nginx pour déployer un correctif de sécurité ? (#NginxRift)

    #CVE-2026-42945

    security-tracker.debian.org/tr