https://cybercrime.club/tags/rewrite-module/Infrastructure security news for people who build infrastructure.Hugo -- gohugo.ioen-usFri, 15 May 2026 11:09:25 -0400https://cybercrime.club/posts/nginx-rift-cve-2026-42945-rewrite-module-heap-overflow-rce/Fri, 15 May 2026 11:09:25 -0400https://cybercrime.club/posts/nginx-rift-cve-2026-42945-rewrite-module-heap-overflow-rce/CVE-2026-42945 is a CVSS 9.2 heap buffer overflow in ngx_http_rewrite_module that has lived in NGINX since 2008. A working unauthenticated RCE PoC is public; reachability hinges on a specific rewrite-directive pattern most prod configs actually contain.vulnerabilities