Cybersecurity researchers have disclosed multiple security
vulnerabilities impacting NGINX Plus and NGINX Open, including a
critical flaw that remained undetected for 18 years. The
vulnerability, discovered by depthfirst, is a heap buffer overflow
issue impacting ngx_http_rewrite_module (CVE-2026-42945, CVSS v4
score: 9.2) that could allow an attacker to achieve remote code
execution or cause a
Read more https://thehackernews.com/2026/05/18-year-old-nginx-rewrite-module-flaw.html
