#nginxrift — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #nginxrift, aggregated by home.social.
-
La faille CVE-2026-42945 nom de code « Nginx Rift » (note CVSS 9.2) a désormais sa page dédiée : https://depthfirst.com/nginx-rift
Les paquets pour Debian 13/12/11 sont bien disponibles depuis quelques jours https://security-tracker.debian.org/tracker/CVE-2026-42945 (les paquets ELS devraient arriver prochainement) #nginxrift -
📢⚠️ Hackers are actively exploiting the Nginx Rift vulnerability affecting NGINX and F5 products, exposing servers to denial-of-service attacks.
Source: https://hackread.com/hackers-exploit-nginx-rift-vulnerability-nginx-f5-products/
-
📢⚠️ Hackers are actively exploiting the Nginx Rift vulnerability affecting NGINX and F5 products, exposing servers to denial-of-service attacks.
Source: https://hackread.com/hackers-exploit-nginx-rift-vulnerability-nginx-f5-products/
-
[Related]
L'exploitation sur internet de CVE-2026-42945 aka NGINX RIFT https://depthfirst.com/nginx-rift aurait commencé selon VulnCheck
⬇️
"Exploitation of Critical NGINX Vulnerability Begins"
"The flaw leads to denial-of-service on default configurations and to remote code execution if ASLR is disabled.
"
"Shortly after F5 released patches for the bug, Depthfirst published technical details and proof-of-concept (PoC) code targeting it. Now, VulnCheck says threat actors are already exploiting the issue in attacks.“We’re seeing active exploitation of CVE-2026-42945 in F5 NGINX, a heap buffer overflow affecting both NGINX Plus and NGINX Open Source on VulnCheck Canaries just days after the CVE was published,” VulnCheck researcher Patrick Garrity warned. ( https://www.linkedin.com/posts/patrickmgarrity_cybersecurity-threatintelligence-riskmanagement-share-7461369931851517952-PBjV/ ) "
👇
https://www.securityweek.com/exploitation-of-critical-nginx-vulnerability-begins -
🚨 CVE-2026-42945 (NGINX Rift)
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, for systems with Address Space Layout Randomization (ASLR ) disabled, code execution is possible. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
ℹ️ Additional info on ZEN SecDB https://secdb.nttzen.cloud/cve/detail/CVE-2026-42945
#nttdata #zen #secdb #infosec
#nginxrift #cve202642945 #nginx -
🚨 CVE-2026-42945 (NGINX Rift)
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, for systems with Address Space Layout Randomization (ASLR ) disabled, code execution is possible. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
ℹ️ Additional info on ZEN SecDB https://secdb.nttzen.cloud/cve/detail/CVE-2026-42945
#nttdata #zen #secdb #infosec
#nginxrift #cve202642945 #nginx -
This vulnerability in NGINX looks bad, patch as soon as it is available:
-
This vulnerability in NGINX looks bad, patch as soon as it is available:
-
This vulnerability in NGINX looks bad, patch as soon as it is available:
-
I am not sure, but I think the Nginx Proxy Manager Addon of #HomeAssistant is affected by the #NGINXRift exploit. Am I correct?
-
Qui ici attend la publication des paquets Debian pour #Nginx pour déployer un correctif de sécurité ? (#NginxRift)
#CVE-2026-42945