nginx
6 posts
Nginx patched. Assume breach.
NGINX issued the nginx-poolslip patch. Operator analysis of what is confirmed, what is not, and what must change at the proxy boundary.
A few bytes spill onto the next heap chunk
Technical writeup of CVE-2026-42945, the NGINX rewrite module heap overflow, plus what it means for LLM deployments sitting behind the proxy.
An NGINX worker just crashed in production
Board-level briefing on NGINX CVE-2026-42945: confirmed in-the-wild exploitation, edge exposure, control failure at runtime, and what must be established.
NGINX ships emergency patch for HTTP/3 heap overflow
CVE-2026-42945 technical analysis: heap overflow in NGINX HTTP/3 HEADERS frame parsing, worker RCE primitive, telemetry gaps, and patch boundary.
Patching nginx doesn't close this one
CVE-2026-42945 NGINX rewrite module heap buffer overflow: bug mechanism, exploit primitives, MITRE mapping, and EDR telemetry blind spots in worker exploitation.
NGINX rewrite module bleeds memory
CVE-2026-42945 places a heap buffer overflow inside NGINX's rewrite module, on the request path. Defect class confirmed. Impact not confirmed.