- A critical heap buffer overflow vulnerability (CVE-2026-42945) in NGINX is being actively exploited in the wild, allowing for denial-of-service or potential remote code execution.
- Exploitation relies on a specific server configuration and is significantly more difficult on systems with Address Space Layout Randomization (ASLR) enabled.
- Separate attack campaigns are also exploiting critical flaws in the open-source data center management tool openDCIM to deploy web shells.
- Threat actors are using what appears to be a customized AI vulnerability discovery tool to find and compromise vulnerable openDCIM installations.
- Security researchers and maintainers are urging immediate patch application for both NGINX and openDCIM to mitigate urgent risks.
Threat actors are actively exploiting a newly disclosed, high-severity vulnerability in NGINX software, according to VulnCheck, just days after its public revelation in May 2026.
Tracked as CVE-2026-42945, the heap buffer overflow flaw affects versions from 0.6.27 through 1.30.0. Successful exploitation can crash processes or enable remote code execution via crafted HTTP requests.
However, achieving code execution requires a specific server configuration and disabled ASLR protection. Security researcher Kevin Beaumont said, “To reach RCE [remote code execution], also ASLR needs to have been disabled on the box.”
AlmaLinux maintainers similarly noted that reliable exploitation is not trivial on default systems. Even so, they advised treating the vulnerability as urgent, because the denial-of-service condition is exploitable regardless of ASLR.
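The two facts the article gives a defender to work with are the affected version range (0.6.27 through 1.30.0) and the ASLR dependency of the RCE path. The following triage script is an added example, not code from VulnCheck, AlmaLinux or this article: it classifies a host from its `nginx -v` output and the Linux `kernel.randomize_va_space` setting (0 = off, 1 = partial, 2 = full). The risk labels (`rce-risk`, `dos-risk`, `not-affected`) and the sample outputs in `__main__` are constructed for illustration.

```python
import re
import subprocess
from typing import Optional, Tuple

# Affected range as reported for CVE-2026-42945: 0.6.27 through 1.30.0 inclusive.
AFFECTED_MIN = (0, 6, 27)
AFFECTED_MAX = (1, 30, 0)


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Extract an x.y.z triple from text such as 'nginx version: nginx/1.24.0'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        return None
    major, minor, patch = (int(g) for g in m.groups())
    return (major, minor, patch)


def is_affected(version_text: str) -> bool:
    """True if the parsed version falls inside the reported affected range.

    Tuple comparison is numeric, so 1.9.x correctly sorts below 1.30.0.
    An unparseable version is reported as not matched; callers should log it.
    """
    v = parse_version(version_text)
    if v is None:
        return False
    return AFFECTED_MIN <= v <= AFFECTED_MAX


def aslr_state(raw: str) -> str:
    """Interpret the value of /proc/sys/kernel/randomize_va_space."""
    return {"0": "disabled", "1": "partial", "2": "full"}.get(raw.strip(), "unknown")


def triage(version_text: str, randomize_va_space: str) -> str:
    """Risk label (hypothetical scheme): affected + ASLR off -> 'rce-risk',
    affected otherwise -> 'dos-risk', out of range -> 'not-affected'."""
    if not is_affected(version_text):
        return "not-affected"
    if aslr_state(randomize_va_space) == "disabled":
        return "rce-risk"
    return "dos-risk"


def local_triage() -> str:
    """Run the check on the local Linux host. `nginx -v` prints its banner to stderr."""
    proc = subprocess.run(["nginx", "-v"], capture_output=True, text=True)
    with open("/proc/sys/kernel/randomize_va_space") as f:
        aslr = f.read()
    return triage(proc.stderr + proc.stdout, aslr)


if __name__ == "__main__":
    # Constructed sample banners and sysctl values so the example runs offline.
    samples = [
        ("nginx version: nginx/1.24.0", "2"),
        ("nginx version: nginx/1.24.0", "0"),
        ("nginx version: nginx/1.30.1", "2"),
        ("nginx version: nginx/0.6.26", "2"),
    ]
    for banner, sysctl in samples:
        print(f"{banner}  ASLR={aslr_state(sysctl)}  ->  {triage(banner, sysctl)}")
```

A version match alone is only a first pass: distribution packages often backport fixes without changing the upstream version string, so a `dos-risk` result should be confirmed against the vendor's advisory or package changelog before an emergency change window is opened.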
Meanwhile, attackers are separately targeting two critical flaws in the openDCIM platform. These vulnerabilities, CVE-2026-28515 and CVE-2026-28517, can be chained for remote code execution.
According to VulnCheck's Caitlin Condon, the openDCIM campaign uses a customized AI tool to find targets before deploying a PHP web shell. This activity underscores the rapid weaponization of newly public vulnerabilities across different software ecosystems.
