NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE

thehackernews.com·May 17, 2026

A newly revealed security vulnerability (CVE-2026-42945) in NGINX Plus and NGINX Open, which affects versions from 0.6.27 to 1.30.0, is being actively exploited following its public disclosure, with a high CVSS score of 9.2 indicating a serious risk.

For someone focused on cybersecurity and threat intelligence, the active exploitation of the NGINX vulnerability CVE-2026-42945 highlights the urgent need to patch systems running vulnerable versions (0.6.27 through 1.30.0) immediately. Given its high CVSS score of 9.2, prioritizing the update of NGINX infrastructure can prevent potential remote code execution attacks, which are actively being exploited in the wild.

Want more content like this?

twixb tracks your favorite blogs and social media, filters by keywords, and delivers personalized key learnings — straight to your inbox.

Create Your Own →Explore Newsfeeds

More from Cybersecurity News

Recent stories curated alongside this one.

Browse all Cybersecurity News →

NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE

Want more content like this?

More from Cybersecurity News

Microsoft shares mitigation for YellowKey Windows zero-day

Risky Business #838 -- GitHub investigates possible breach

Risky Bulletin: Microsoft takes down crime SaaS used by ransomware gangs

Verizon DBIR 2026: Vulnerability Exploitation Overtakes Credential Theft as Top Breach Vector

Max-severity flaw in ChromaDB for AI apps allows server hijacking