The internet's foundational web server, NGINX, is under fire. A critical flaw is already being weaponized in the wild, with implications ranging from service disruption to full system compromise.
The genie's out of the bottle. Proof-of-concept code for a critical NGINX vulnerability has just dropped, turning a patched bug into an immediate headache for sysadmins.
A critical NGINX vulnerability, dubbed 'NGINX Rift,' has been disclosed, and it's already sending ripples through the internet infrastructure. Millions of websites could be exposed.
Eighteen years. That's how long a critical flaw sat hidden in NGINX, the web server powering a third of the internet. Discovered recently, this vulnerability can be exploited for serious damage, from crashing servers to executing arbitrary code.
Eighteen years. That's how long a critical NGINX vulnerability sat dormant, waiting to be found. Discovered by depthfirst, NGINX Rift (CVE-2026-42945) allows unauthenticated attackers to execute code remotely.