RC RANDOM CHAOS

cve-2026-42945

5 posts

A few bytes spill onto the next heap chunk
Article

A few bytes spill onto the next heap chunk

Technical writeup of CVE-2026-42945, the NGINX rewrite module heap overflow, plus what it means for LLM deployments sitting behind the proxy.

An NGINX worker just crashed in production
Article

An NGINX worker just crashed in production

Board-level briefing on NGINX CVE-2026-42945: confirmed in-the-wild exploitation, edge exposure, control failure at runtime, and what must be established.

NGINX ships emergency patch for HTTP/3 heap overflow
Article

NGINX ships emergency patch for HTTP/3 heap overflow

CVE-2026-42945 technical analysis: heap overflow in NGINX HTTP/3 HEADERS frame parsing, worker RCE primitive, telemetry gaps, and patch boundary.

Patching nginx doesn't close this one
Article

Patching nginx doesn't close this one

CVE-2026-42945 NGINX rewrite module heap buffer overflow: bug mechanism, exploit primitives, MITRE mapping, and EDR telemetry blind spots in worker exploitation.

NGINX rewrite module bleeds memory
Article

NGINX rewrite module bleeds memory

CVE-2026-42945 places a heap buffer overflow inside NGINX's rewrite module, on the request path. Defect class confirmed. Impact not confirmed.