
Multiple Vulnerabilities in NGINX Could Allow for Remote Code Execution

ID: 282a77d5-a8e2-5f0c-87b9-4d3062d2f9fd

STIX ID: report--282a77d5-a8e2-5f0c-87b9-4d3062d2f9fd

Feed Name: CISecurity.org Advisories

Threat Score: 75/100

Date Published: 2026-05-18

Date Updated: 2026-05-18


Multiple critical vulnerabilities were disclosed in NGINX (CVE-2026-42945, CVE-2026-42946, CVE-2026-40701, CVE-2026-42934). They include a heap buffer overflow that can enable remote code execution when ASLR is disabled, an excessive memory allocation that can crash workers, a use-after-free in TLS OCSP handling, and an out-of-bounds read in charset handling. Successful exploitation can crash NGINX worker processes and, in some configurations, allow unauthenticated RCE, so operators should prioritize patching or mitigations immediately.
