NGINX Under Active Attack: CVE-2026-42945 and CVE-2026-9256 Put Your Infrastructure at Risk
ID: 8987c654-a030-50d8-a51f-9b92d6f70ebd
STIX ID: report--8987c654-a030-50d8-a51f-9b92d6f70ebd
Feed Name: Security Boulevard
NGINX is under active attack from two critical heap buffer overflow vulnerabilities in the ngx_http_rewrite_module (CVE-2026-42945 “NGINX Rift” and CVE-2026-9256 “nginx-poolslip”). Both allow guaranteed denial-of-service and can lead to remote code execution when ASLR is disabled; they affect wide ranges of NGINX Open Source, NGINX Plus, and several downstream products. The report details affected/fixed versions, exploitation triggers (unnamed PCRE capture groups in rewrites), active exploitation evidence, and prioritized mitigations: apply vendor patches, audit rewrite configurations, ensure ASLR, monitor worker restarts, and deploy WAF protections.
