As VulnCheck points out, the bug can be exploited remotely, without authentication, via crafted HTTP requests, but requires a specific rewrite configuration.

While crashing the NGINX worker process is fairly trivial with a single crafted request, achieving RCE is more difficult, as most deployments have ASLR enabled by default.

“Our Censys query surfaces roughly 5.7M internet-exposed NGINX servers running a potentially vulnerable version, though the truly exploitable population is likely to be a much smaller subset of those,” VulnCheck says.

The vulnerability demands urgent attention, security researchers warn. Wider exploitation attempts against vulnerable deployments are to be expected, especially since the public PoC can be used to disable ASLR and achieve RCE.

Ionut Arghire is an international correspondent for SecurityWeek.

Source: SecurityWeek