ME News reports that on May 17 (UTC+8), the critical NGINX vulnerability CVE-2026-42945 was exploited by hackers. This vulnerability affects NGINX Open Source and NGINX Plus versions 0.6.27 through 1.30.0, potentially causing worker process crashes and enabling remote code execution (RCE) when ASLR protection is disabled. Charles Guillemet, CTO of Ledger, stated that fewer than 30% of servers may currently be running the latest NGINX version, as the vulnerability is spreading faster than IT teams can patch and upgrade. (Source: MLion)
NGINX High-Severity Vulnerability CVE-2026-42945 Exploited by Hackers
KuCoinFlashShare
Summary
A new vulnerability report from MetaEra reveals that hackers are exploiting CVE-2026-42945 in NGINX. The flaw affects NGINX Open Source and NGINX Plus versions 0.6.27 through 1.30.0, enabling remote code execution when ASLR is disabled. Ledger’s CTO, Charles Guillemet, stated that fewer than 30% of servers are running the latest NGINX version, with the vulnerability spreading faster than teams can apply patches. As the blockchain upgrade cycle continues, system security remains a top priority for operators.
Source:Show original
Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information.
Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.