> TritonInfoSec News
Home / May 15, 2026 / Story
0
#3 The Hacker News general May 14, 2026 at 06:00 UTC

18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE

By [email protected] (The Hacker News)

AI Summary

Researchers disclosed CVE-2026-42945, an 18-year-old heap buffer overflow in NGINX's ngx_http_rewrite_module (CVSS v4: 9.2) affecting both NGINX Plus and NGINX Open Source, enabling unauthenticated remote code execution. The flaw evaded detection for nearly two decades and was discovered via an autonomous scanning system, underscoring how AI-assisted auditing is surfacing long-dormant vulnerabilities in ubiquitous web infrastructure.

Read full article → https://thehackernews.com/2026/05/18-year-old-ngin…

Relevance score: 88.0/100

# More from May 15

  1. 1
    Cisco warns of new critical SD-WAN flaw exploited in zero-day attacks BleepingComputer
  2. 2
    OpenAI confirms security breach in TanStack supply chain attack BleepingComputer
  3. 4
    Windows 11 and Microsoft Edge hacked at Pwn2Own Berlin 2026 BleepingComputer
  4. 5
    Major tech manufacturer Foxconn confirms cyberattack hit North American factories CyberScoop
  5. 6
    New Fragnesia Linux flaw lets attackers gain root privileges BleepingComputer
  6. 7
    Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation The Hacker News
  7. 8
    Ghostwriter Targets Ukrainian Government With Geofenced PDF Phishing, Cobalt Strike The Hacker News
  8. 9
    Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets The Hacker News
  9. 10
    Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday The Hacker News