A critical 18-year-old heap buffer overflow vulnerability (CVE-2026-42945) has been discovered in NGINX's ngx_http_rewrite_module, enabling unauthenticated remote code execution (RCE) attacks. The flaw, present since 2008 and affecting numerous NGINX products, arises from a mismatch in URL rewriting logic and has a CVSS score of 9.2; security updates have been released and urgent patching is recommended.
https://cybersecuritynews.com/18-year-old-nginx-rce-vulnerability/

