Code Defence Cyber security

Critical 18-Year-Old NGINX rewrite module flaw enables unauthenticated heap overflow

A critical security flaw impacting a core request-routing component of both commercial and open-source web servers has been disclosed after remaining latent in the codebase for nearly two decades. The vulnerability allows unauthenticated attackers to cause a worker process crash or achieve remote code execution via malformed HTTP requests.

Tracked as CVE-2026-42945 and codenamed NGINX Rift, the defect lies within the ngx_http_rewrite_module processing engine distributed by F5. The bug triggers when a specific rewrite directive sequence processes unnamed regular expression captures paired with a replacement string containing a question mark. An unauthenticated attacker can exploit this condition to overwrite memory allocations within the active NGINX worker process, causing system instability or local code execution if memory safety configurations are deficient.

Because NGINX functions as the primary ingress point and reverse proxy for a massive portion of the global web, structural logic flaws inside its parsing engines represent a critical infrastructure risk. A compromise at this layer permits an adversary to bypass application gateways, intercept unencrypted payload data, and establish deep persistent tunnels inside internal container hosting environments.

– Update NGINX Plus instances to versions R32 P6, R36 P4, or higher to enforce safe memory allocations.

– Upgrade NGINX Open Source environments to production levels 1.30.1 or 1.31.0 to eliminate the vulnerable rewrite execution block.

– Audit web application configuration files to isolate reverse proxy definitions where nested rewrite directives handle untrusted external parameters.

– Ensure Address Space Layout Randomization is strictly enabled across all underlying Linux server hosts to mitigate the risk of binary payload execution.
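For the configuration audit step above, a heuristic sketch (an added example, not code from F5 or the NGINX project): it lists rewrite directives whose regex has an unnamed capture group and whose replacement contains a question mark, the combination the article describes. It assumes each directive sits on one line; the sample configuration is constructed.

```python
import re

# Constructed sample configuration for illustration (not from the page).
SAMPLE_CONF = r'''
server {
    listen 80;
    # unnamed capture, question mark in replacement: flagged
    rewrite ^/item/(\d+)$ /view.php?id=$1 last;
    # named capture: not flagged
    rewrite ^/user/(?<name>\w+)$ /profile?u=$name last;
    # unnamed capture, no question mark: not flagged
    rewrite ^/old/(.*)$ /new/$1 permanent;
    location /api/ {
        rewrite "^/api/v1/([a-z]+)/(\d+)" "/backend?res=$1&id=$2" break;
    }
}
'''

# One nginx argument: double-quoted, single-quoted, or bare token.
ARG = r'''("(?:[^"\\]|\\.)*"|'(?:[^'\\]|\\.)*'|[^\s;]+)'''
REWRITE = re.compile(r'^\s*rewrite\s+' + ARG + r'\s+' + ARG)
# "(" that is not escaped and not followed by "?" opens an unnamed capture.
UNNAMED_GROUP = re.compile(r'(?<!\\)\((?!\?)')


def unquote(arg):
    """Strip one pair of matching surrounding quotes, if present."""
    return arg[1:-1] if len(arg) > 1 and arg[0] in '"\'' and arg[0] == arg[-1] else arg


def audit(conf_text):
    """Return (line_number, regex, replacement) for each rewrite to review."""
    findings = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        if line.lstrip().startswith('#'):  # skip full-line comments
            continue
        m = REWRITE.match(line)
        if not m:
            continue
        regex, replacement = unquote(m.group(1)), unquote(m.group(2))
        if UNNAMED_GROUP.search(regex) and '?' in replacement:
            findings.append((lineno, regex, replacement))
    return findings


if __name__ == '__main__':
    for lineno, regex, replacement in audit(SAMPLE_CONF):
        print(f'line {lineno}: rewrite {regex} -> {replacement}')
```

A hit marks a directive to review and prioritise for patching, not proof of exposure; parentheses inside character classes and directives split across lines are not handled.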

Securing foundational internet infrastructure requires rapid patch validation alongside continuous auditing of configuration parsing logic across the enterprise edge.