惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

小众软件
小众软件
IT之家
IT之家
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
Security Archives - TechRepublic
Security Archives - TechRepublic
P
Proofpoint News Feed
C
CERT Recently Published Vulnerability Notes
阮一峰的网络日志
阮一峰的网络日志
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
The Cloudflare Blog
P
Palo Alto Networks Blog
Know Your Adversary
Know Your Adversary
D
Darknet – Hacking Tools, Hacker News & Cyber Security
Cisco Talos Blog
Cisco Talos Blog
L
Lohrmann on Cybersecurity
AWS News Blog
AWS News Blog
J
Java Code Geeks
博客园_首页
Scott Helme
Scott Helme
WordPress大学
WordPress大学
有赞技术团队
有赞技术团队
T
The Exploit Database - CXSecurity.com
Security Latest
Security Latest
V
Visual Studio Blog
Cloudbric
Cloudbric
Jina AI
Jina AI
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
博客园 - 叶小钗
Apple Machine Learning Research
Apple Machine Learning Research
博客园 - 聂微东
人人都是产品经理
人人都是产品经理
A
Arctic Wolf
C
Cybersecurity and Infrastructure Security Agency CISA
S
SegmentFault 最新的问题
The Last Watchdog
The Last Watchdog
SecWiki News
SecWiki News
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
W
WeLiveSecurity
K
Kaspersky official blog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
Hacker News: Ask HN
Hacker News: Ask HN
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
宝玉的分享
宝玉的分享
Hugging Face - Blog
Hugging Face - Blog
量子位
Google Online Security Blog
Google Online Security Blog
博客园 - Franky
Simon Willison's Weblog
Simon Willison's Weblog
博客园 - 三生石上(FineUI控件)
Recent Commits to openclaw:main
Recent Commits to openclaw:main

Orca Security

Langflow RCE Actively Exploited to Deploy Cryptominers on AI Infrastructure Orca MCP: When Text Stops Scaling Kubernetes Compliance Tools: Automating CIS Benchmarks Risk-Based Vulnerability Management for the Cloud: A 2026 Guide Private Cloud Security: Top Risks and Best Practices (2026) What Is Generative AI in Cybersecurity? Best Vulnerability Management Tools and Software in 2026 2026 State of Application Security Report Recap: What the Data Says and What Security Teams Should Do About It AI Security for Sensitive Data: Best Practices and Guidelines Best AI Code Security Solutions 2026: How to Secure AI-Generated Code From Platform to Program: How to Ensure Your Cloud Security Solution Delivers Best AI Cybersecurity Providers 2026: A Buyer's Guide to AI-Powered Security Platforms Join Orca Security at Black Hat USA 2026 CNAPP Tools That Reduce Security Tool Sprawl: CNAPP vs. Dedicated Solutions What Is Container Runtime Security? A Practical Guide 2026 What Is Application Security Testing? Tools and Types What Is Managed Cloud Security? A Practical Guide What Is SaaS Security Posture Management? SSPM Guide Top 10 Cloud Security Standards for Compliance What is the MIT License? Compliance and Comparisons AI Agents vs. Agentless Security vs. Agent-based Security 144 Mastra npm Packages Compromised via Supply Chain Attack The Complete Guide to LLM Security: Risks, Best Practices, and Solutions Cloud Security LIVE 2026: Top 10 Takeaways Practitioners Can Use Now Cloud Security LIVE 2026: Top 10 Takeaways CISOs Can Use Now (and What to Do Next) How Orca Traced an nginx Flaw to 1.45 Million Tengine Servers All Running Vulnerable Code What to Look for in Container Security Tools Cloud Application Security Best Practices for DevSecOps Cloud Security Tools: 10 Types Explained for Teams What Is NIST CSF? Framework 2.0 Explained 7 Open Source Incident Response Tools by Category Critical Langflow Path Traversal Flaw Exploited for Unauthenticated RCE Critical PhpSpreadsheet RCE Patch Bypass Puts Millions at Risk Critical Splunk Enterprise Vulnerabilities Allow Unauthenticated File Operations and Remote Code Execution 16 Best Open Source Application Security Tools 2026 What Is Containerization? Security and Best Practices 8 Container Security Best Practices for 2026 Close the Cloud Identity Gap with Orca and AWS IAM Access Analyzer The 5-Step Context-Aware Cloud Vulnerability Prioritization Framework Critical Jupyter Enterprise Gateway Vulnerabilities Enable Full Kubernetes Cluster Takeover AI Security Best Practices for Regulated Industries Massive PyPI Supply Chain Attack Harvests Cloud Credentials via Python Startup Hooks SAST vs SCA: Key Differences for AppSec Teams What Is Cloud Security Architecture? Principles, Layers, and Frameworks What Is ASPM? A Guide to Application Security Posture Management What Is SaaS Security? A Practical Guide 2026 What Is a Man-in-the-Middle Attack? A Cloud Security Guide What Is Open Policy Agent? Best Practices and Use Cases 11 Best Open-Source DevSecOps Tools for 2026 How to Secure AI Workloads in Multi-Cloud Environments: A Complete Framework Critical WordPress Plugin Vulnerability Allows Unauthenticated Admin Takeover on 150K Sites What Is Kubernetes as a Service? KaaS Explained Critical Netlogon RCE Flaw Actively Exploited Against Windows Domain Controllers Your FedRAMP Continuous Monitoring Strategy Has a Gap. We Built Something to Fix It. How to Simplify Multi-Cloud Compliance Reporting: The 2026 Checklist Red Hat npm Packages Compromised in Supply-Chain Attack Spreading Credential-Stealing Worm Critical RCE in LiquidJS Lets Attackers Execute Arbitrary Commands on Unpatched Hosts Securing Shadow AI: How to Detect Unapproved LLMs in Your Cloud Data Security Posture Management (DSPM) for AI Gitea Container Registry Exposes Private Images to Unauthenticated Attackers Critical Unauthenticated RCE in Kopia Backup via SSH ProxyCommand Injection Best Palo Alto Networks Cortex (Prisma Cloud) Alternatives in 2026 7 Enterprise AI Security Risks to Manage Critical Pre-Auth RCE in ChromaDB Threatens AI Infrastructure Critical Coder Signature Bypass Exposes Developer Keys and Tokens New “PoolSlip” NGINX Exploit Revives Unpatched Remote Code Execution Risk Critical Drupal SQL Injection Exposes PostgreSQL-Backed Sites to Remote Code Execution AI Security Tools: How to Evaluate Them Across Every ML Attack Phase Massive npm Supply Chain Attack Compromises AntV Ecosystem, Steals CI/CD Secrets at Scale NIST AI Risk Management Framework (AI RMF) Explained: What It Is and How Organizations Use It The AI Data You Forgot to Lock: How Exposed Vector Databases Put Organizations at Risk GenAI Risks in Cloud Environments: What Security Teams Are Actually Missing in 2026 What Is Multi-Cloud Security? What Is Cloud Detection and Response (CDR)? Linux kernel vulnerability enables local theft of SSH host keys and /etc/shadow Announcing Cloud Security Agent Skills for Orca’s MCP Server TanStack and 160+ npm/PyPI Packages Compromised in Supply Chain Worm Attack Dirty Frag: Linux Kernel Vulnerability Chain Enables Local Privilege Escalation to Root Critical Apache HTTP Server HTTP/2 Vulnerability Could Enable Remote Code Execution Skill Issues: How We Discovered Supply Chain Attack Vectors in an AI Agent Skills Marketplace What Is an Incident Response Plan? What Is Cloud Data Security? Risks, Challenges, and 12 Best Practices Remote Code Execution in GitHub Enterprise Server via Git Push Injection (CVE-2026-3854) Linux Kernel Bug (Copy.Fail) Enables Local Privilege Escalation to Root (CVE-2026-31431) Xinference PyPI package compromise leads to full environment takeover What is Application Security? When AI Accelerates the Offense, Coverage Gaps Become Catastrophic Orca Security Recognized in the 2026 TAG Enterprise AI Security Handbook Navigating Cloud Security in 2026: Join Cloud Security LIVE Anthropic’s Project Glasswing Is a Positive Step Toward Cleaner, Safer Production Kyverno SSRF: Breaking Kubernetes Namespace Isolation (CVE-2026-4789) Streamline Compliance Reporting with Orca and Drata’s Integrated Vulnerability Management CVE-2026-23226: How a Missing Lock in ksmbd’s Channel List Exposes Your Linux SMB3 Server 2026 State of AppSec: When Development Velocity Outpaces Security AI Is Entering Your Infrastructure. Now what? Orca Security Featured in SACR’s 2026 Unified Agentic Defense Platforms Report Supply Chain Attack on Axios Delivers Cross-Platform RAT via Compromised npm Account Credential‑Stealing Malware in LiteLLM Supply Chain Attack Mission Accomplished: Orchestrate Your Remediation Strategy With Orca Missions The Orca Approach to Runtime AI Security
18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated DoS and Potential RCE
Roi Nisimi · 2026-05-14 · via Orca Security

A critical vulnerability (CVE-2026-42945, CVSS 9.2) was disclosed affecting NGINX Open Source and NGINX Plus, allowing attackers to reliably trigger denial-of-service (DoS) conditions and potentially achieve remote code execution (RCE) via specially crafted HTTP requests. Due to the potential for widespread disruption across internet-facing applications and ingress infrastructure, immediate patching is strongly recommended.

Technical Root Cause

The issue originates from the ngx_http_rewrite_module, where improper handling of unnamed PCRE captures combined with rewrite directives and replacement strings containing a question mark (?) leads to a heap buffer overflow in the NGINX worker process. By sending crafted HTTP requests, attackers can reliably crash NGINX worker processes through heap memory corruption, resulting in denial of service, while certain environments may also be susceptible to remote code execution. No authentication is required to exploit this issue.

Affected Products and Versions

The following components are affected: NGINX Open Source versions 1.0.0 through 1.30.0, NGINX Plus R32 through R36, as well as several dependent products including NGINX Ingress Controller, NGINX Gateway Fabric, NGINX App Protect WAF, F5 WAF for NGINX, and related DoS protection offerings. The vulnerability is particularly dangerous in deployments utilizing rewrite, if, or set directives with unnamed regex captures such as $1 or $2.

Users should upgrade to NGINX Open Source 1.30.1 or 1.31.0 and NGINX Plus R32 P6 or R36 P4. If immediate patching is not possible, organizations should replace unnamed captures with named captures in affected rewrite directives as a temporary mitigation.

Exploitation Risk and Threat Outlook

At the time of writing, a public GitHub proof-of-concept (PoC) exploit has already been released, significantly increasing the likelihood of opportunistic exploitation attempts and rapid weaponization by threat actors. While no confirmed in-the-wild exploitation has been publicly reported yet, the combination of public exploit availability, unauthenticated attack surface, and the ubiquity of NGINX in production environments makes this vulnerability especially dangerous for internet-facing applications and Kubernetes ingress deployments.

Potential Business Impact

Successful exploitation can reliably cause repeated worker crashes and service instability. In some environments, attackers may also be able to leverage the heap corruption for arbitrary code execution, potentially leading to service disruption, traffic manipulation, sensitive data exposure, or deeper infrastructure compromise. While some reports note that reliable RCE may be easier on systems where ASLR is disabled, attackers do not necessarily require ASLR to be turned off. Sophisticated exploitation techniques may combine heap corruption with memory disclosure vulnerabilities, heap grooming, or other environment-specific methods to bypass memory protection mechanisms and achieve code execution on hardened systems.

UPDATE May 15, 2026

Our team successfully demonstrated a Proof of Concept (PoC) for CVE-2026-42945, exploiting an 18-year-old heap buffer overflow in NGINX’s rewrite module to achieve an unauthenticated remote Denial of Service (DoS). Executing the attack against a fully patched Ubuntu instance running NGINX 1.28.3 with modern exploit mitigations enabled, we required only standard Python sockets and a single, precisely crafted HTTP GET request. By sending a payload of 349 safe padding bytes followed by 2,000 URI-escapable characters (such as +), our exploit leveraged a state mismatch in the script engine to trigger a deterministic 4,000-byte heap overflow. This successfully bypassed built-in mitigations and corrupted adjacent glibc heap metadata, forcing the targeted worker process to abort.


The execution of our PoC proved highly effective, resulting in immediate worker process crashes and demonstrating our capacity to launch a sustained DoS attack against all clients. During a single-round attack that we initiated over the public internet, just three exploit requests successfully killed multiple NGINX workers simultaneously, failing four out of five subsequent health checks. When we set our script to a continuous loop, the PoC maintained a complete service disruption by crashing worker processes faster than the NGINX master process could respawn them. The success of our exploit was fully corroborated by our target’s server-side error logs, which recorded rapid PID cycling alongside fatal glibc heap corruption alerts and immediate SIGABRT worker terminations.

How can Orca help?

Orca enables customers to quickly identify assets running vulnerable NGINX versions, understand their exposure in context — including internet accessibility, runtime reachability, and asset criticality — and prioritize remediation based on real risk rather than CVSS alone. Orca’s platform highlights affected assets directly in the newItem view, helping security teams focus on the most critical remediation paths first.

Orca Security platform alert for a critical NGINX rewrite module flaw (CVE-2026-42945) enabling unauthenticated remote code execution (RCE).