cve-2026-42945

5 posts

A few bytes spill onto the next heap chunk

Technical writeup of CVE-2026-42945, the NGINX rewrite module heap overflow, plus what it means for LLM deployments sitting behind the proxy.

May 18, 2026

Article

An NGINX worker just crashed in production

Board-level briefing on NGINX CVE-2026-42945: confirmed in-the-wild exploitation, edge exposure, control failure at runtime, and what must be established.

May 18, 2026

Article

NGINX ships emergency patch for HTTP/3 heap overflow

CVE-2026-42945 technical analysis: heap overflow in NGINX HTTP/3 HEADERS frame parsing, worker RCE primitive, telemetry gaps, and patch boundary.

May 18, 2026

Article

Patching nginx doesn't close this one

CVE-2026-42945 NGINX rewrite module heap buffer overflow: bug mechanism, exploit primitives, MITRE mapping, and EDR telemetry blind spots in worker exploitation.

May 18, 2026

Article

NGINX rewrite module bleeds memory

CVE-2026-42945 places a heap buffer overflow inside NGINX's rewrite module, on the request path. Defect class confirmed. Impact not confirmed.

May 16, 2026