Home > Security Alerts > NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE

NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE

May 18, 2026 Monday

The vulnerability, tracked as CVE-2026-42945 (CVSS score: 9.2), is a heap buffer overflow in ngx_http_rewrite_module affecting NGINX versions 0.6.27 through 1.30.0, according to VulnCheck.

Latest News

Invitation to Complete the ITS Survey 2025–2026

Notice on Bulk Email Delivery

Release of DeepSeek-V4-Flash and DeepSeek-V4-Pro on HKU ChatGPT and HKU ITS Developer Portal

Facial Identity Access Expansion and New HKU App Registration (For HKU Students)

HKU App is now available on the Huawei AppGallery!

Popular Services:

uPrint
Study Rooms in Learning Commons
Software Download
HKU Virtual Private Network (HKUVPN)
Application

NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE

About Information Technology Services,
The University of Hong Kong

Alerts

Service Request & Support

NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE

About Information Technology Services, The University of Hong Kong

Alerts

Service Request & Support

About Information Technology Services,
The University of Hong Kong