PoC Code Published for Critical NGINX Vulnerability


Technical details and proof-of-concept (PoC) exploit code targeting a newly patched critical-severity vulnerability in NGINX are now available.

Tracked as CVE-2026-42945 (CVSS score of 9.2), the issue was patched in the widely used web server this week as part of F5’s latest quarterly patch release, 16 years after it was introduced.

The bug is described as a heap buffer overflow in the ngx_http_rewrite_module component that could be exploited to trigger a restart, creating a denial-of-service (DoS) condition.

Remote code execution (RCE) is also possible if Address Space Layout Randomization (ASLR) is disabled, F5 warned.

According to Depthfirst, CVE-2026-42945 impacts NGINX servers using rewrite and set directives and is rooted in the use of a two-pass process in the script engine: one to compute the required buffer size, and the other to copy data.

Because the internal engine state changes between the two passes, if a rewrite replacement that...
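The bug class described above, shown as an added illustration that is neither NGINX code nor part of the original article: a toy two-pass renderer in C in which a hypothetical `escape` flag stands in for engine state that differs between the sizing pass and the copy pass. The copy pass carries the buffer capacity and fails closed instead of writing past the allocation.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Toy engine state (assumption for illustration, not NGINX's):
   when `escape` is set, each '%' is emitted as "%25" (3 bytes, not 1). */
typedef struct { int escape; } engine_t;

/* Pass 1: bytes needed to render `v` under the current state. */
static size_t pass_len(const engine_t *e, const char *v) {
    size_t n = 0;
    for (; *v; v++)
        n += (e->escape && *v == '%') ? 3 : 1;
    return n;
}

/* Pass 2, hardened: copy with an explicit capacity bound.
   Returns bytes written, or (size_t)-1 if the output would not fit. */
static size_t pass_copy(const engine_t *e, const char *v,
                        char *dst, size_t cap) {
    size_t n = 0;
    for (; *v; v++) {
        size_t need = (e->escape && *v == '%') ? 3 : 1;
        if (need > cap - n)            /* pass 1 and pass 2 disagree */
            return (size_t)-1;
        if (need == 3) memcpy(dst + n, "%25", 3);
        else dst[n] = *v;
        n += need;
    }
    return n;
}

/* Runs both passes. `flip` simulates state changing between them.
   Returns 0 on success, -1 when the size mismatch is caught. */
int render(const char *v, int flip, char **out, size_t *out_len) {
    engine_t e = { 0 };
    size_t cap = pass_len(&e, v);      /* sized with escape == 0 */
    char *buf = malloc(cap ? cap : 1);
    if (!buf) return -1;
    if (flip) e.escape = 1;            /* state drift before the copy */
    size_t n = pass_copy(&e, v, buf, cap);
    if (n == (size_t)-1) { free(buf); return -1; }
    *out = buf;
    *out_len = n;
    return 0;
}
```

Without the `need > cap - n` check, the second call pattern (`flip = 1` with a `%` in the input) would write 5 bytes into a 3-byte allocation.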

Copyright of this story solely belongs to securityweek.com.
