NGINX Rift: An 18-Year-Old Heap Buffer Overflow in the World's Most Deployed Web Server
CVE-2026-42945, a CVSS 9.2 vulnerability in NGINX rewrite module, has been in the code since 0.6.27. Patches rolling out. Affects nearly every web server on the public internet.