NGINX Rift (CVE-2026-42945): An 18-Year-Old Heap Overflow in the World’s Most Deployed Web Server — Public Exploit Available Now
CVE-2026-42945 NGINX Rift is a CVSS 9.2 heap buffer overflow present in every NGINX version since 2008. Unauthenticated RCE or DoS. Public PoC on GitHub. Affects NGINX Open Source 0.6.27–1.30.0 and NGINX Plus R32–R36. Patch to 1.30.1 or 1.31.0 immediately. ~34% of all internet web servers are running affected versions right now.