Threat researchers identified a critical severity vulnerability in NGINX Plus and NGINX Open, tracked as CVE-2026-42945. The vulnerability discovered by depthfirst is an 18-year-old memory corruption flaw in NGINX Plus and NGINX Open Source. Successful exploitation of the vulnerability may allow an unauthenticated attacker to cause a denial-of-service (DoS) on the NGINX system or to trigger code execution. NGINX is an open-source, high-performance HTTP web server, reverse proxy, … Continue reading “F5 Nginx Remote Code Execution Vulnerability (CVE-2026-42945)”