CVE-2026-42945 · Heap-based Buffer Overflow · CVSS v4.0 9.2 (Critical)
found autonomously by depthfirst

NGINX Rift

An 18-year-old memory corruption flaw in NGINX Plus and NGINX Open Source lets an unauthenticated attacker crash worker processes or execute remote code with crafted HTTP requests.

TL;DR

A bug in the ngx_http_rewrite_module lets a remote, unauthenticated attacker corrupt the heap of a

