Critical NGINX Vulnerability CVE-2026-42945 Now Under Active Attack

Security researchers disclosed CVE-2026-42945 (“NGINX Rift”), a critical memory-corruption flaw in NGINX Open Source and NGINX Plus (and some F5 products) that can be triggered by crafted HTTP requests using certain rewrite directive patterns; exploitation attempts were observed soon after public disclosure, and vendors have released patches and mitigations including updated packages and recommendations to replace unnamed regex captures.