

Ethical Hacking News

NGINX Rift: The Unrelenting Pursuit of Vulnerability by Exploits


Researchers have confirmed that the recently disclosed NGINX Rift vulnerability was being exploited by malicious actors within days of its public disclosure. The 18-year-old bug, which affects both NGINX Open Source and NGINX Plus, is a serious threat to exposed servers and a reminder of how quickly patches need to be applied once a flaw is public.

  • NGINX Rift is a severe vulnerability with a CVSS score of 9.2, affecting both NGINX Open Source and NGINX Plus.
  • The bug has been present in the rewrite module since 2008 and can be triggered by specially crafted HTTP requests under certain server configurations.
  • Exploitation activity has been observed on canary systems just days after public disclosure, with an unauthenticated attacker able to crash the NGINX worker process.
  • Code execution is possible if ASLR is disabled, but modern Linux defaults reduce the likelihood of successful real-world RCE.
  • 5.7 million internet-exposed NGINX servers running potentially vulnerable versions have been identified through Censys scans.
  • The discovery renews concerns about how quickly organizations apply security patches.
  • Organizations are advised to update vulnerable NGINX servers with the latest security patches and implement mitigating configurations.



    NGINX Rift, the name given to a newly disclosed NGINX bug, has emerged as a pressing concern. Described as an "18-year-old flaw" that researchers say was already being probed and exploited just days after its disclosure, the vulnerability was assigned a CVSS score of 9.2 and affects both NGINX Open Source and NGINX Plus.

    Researchers at Depthfirst disclosed the bug last week, stating that this flaw had been sitting in NGINX's rewrite module since 2008. According to F5, which acquired NGINX in 2019, the flaw can be triggered by specially crafted HTTP requests under certain server configurations. In most cases, the result is a crashed worker process and a forced restart; however, systems running without standard Linux memory protections could potentially face code execution.

    Whether the flaw would be exploited in the wild was answered within days of publication. Researchers at VulnCheck observed exploitation activity on their canary systems "just days after the CVE was published." Patrick Garrity from VulnCheck stated that an unauthenticated attacker can crash the NGINX worker process by sending crafted HTTP requests, and that code execution is possible if ASLR is disabled, which is not the default on modern Linux systems.
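As an added illustration, not code from the article or from VulnCheck, the Python script below shows one way to spot the symptom Garrity describes in an NGINX error log: a burst of worker processes dying on a crash signal within a short window, each followed by the master's forced restart. The log lines are constructed for the example, and the set of "crash" signals and the burst threshold are assumptions rather than values from any advisory.

```python
"""Flag bursts of NGINX worker crashes in error_log output.

Added example: the log lines below are constructed, and the signal set and
burst threshold are assumptions, not values from the advisory.
"""
import re
from collections import Counter
from datetime import datetime, timedelta

# Alert the master process writes when a worker is killed by a signal:
# "worker process <pid> exited on signal <n>[ (core dumped)]".
CRASH_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[alert\] \d+#\d+: "
    r"worker process (?P<pid>\d+) exited on signal (?P<sig>\d+)"
)

# Memory-corruption style deaths (assumed set). SIGTERM (15) is normally an
# operator or process-manager kill, so it is deliberately not counted.
CRASH_SIGNALS = {6, 7, 11}  # SIGABRT, SIGBUS, SIGSEGV

EPOCH = datetime(1970, 1, 1)


def parse_crashes(lines):
    """Return (timestamp, pid, signal) for each worker death on a crash signal."""
    crashes = []
    for line in lines:
        m = CRASH_RE.match(line)
        if m and int(m["sig"]) in CRASH_SIGNALS:
            ts = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S")
            crashes.append((ts, int(m["pid"]), int(m["sig"])))
    return crashes


def crash_bursts(lines, window_seconds=60, threshold=3):
    """Bucket crashes into fixed windows and return [(window_start, count)]
    for every window holding at least `threshold` crashes, oldest first."""
    buckets = Counter()
    for ts, _pid, _sig in parse_crashes(lines):
        secs = int((ts - EPOCH).total_seconds())
        start = EPOCH + timedelta(seconds=secs - secs % window_seconds)
        buckets[start] += 1
    return sorted((start, n) for start, n in buckets.items() if n >= threshold)


# Constructed sample: four SIGSEGV deaths inside one minute (each followed by
# a restart), one operator SIGTERM that must be ignored, and one isolated
# crash two hours later that should not trip the threshold.
SAMPLE_LOG = """\
2026/05/18 09:32:01 [notice] 1200#1200: start worker process 5670
2026/05/18 09:32:05 [alert] 1200#1200: worker process 5670 exited on signal 11 (core dumped)
2026/05/18 09:32:05 [notice] 1200#1200: start worker process 5671
2026/05/18 09:32:09 [alert] 1200#1200: worker process 5671 exited on signal 11 (core dumped)
2026/05/18 09:32:09 [notice] 1200#1200: start worker process 5672
2026/05/18 09:32:14 [alert] 1200#1200: worker process 5672 exited on signal 11
2026/05/18 09:32:20 [alert] 1200#1200: worker process 5673 exited on signal 15
2026/05/18 09:32:22 [alert] 1200#1200: worker process 5674 exited on signal 11 (core dumped)
2026/05/18 11:05:40 [alert] 1200#1200: worker process 6001 exited on signal 11 (core dumped)
""".splitlines()


if __name__ == "__main__":
    for start, n in crash_bursts(SAMPLE_LOG):
        print(f"{start:%Y-%m-%d %H:%M:%S}: {n} worker crashes in 60s, pull the access log for that window")
```

A burst like this is the trigger to pull the access log for the same minute and look at which requests the dying workers were handling; a single crash is noise, a cluster of them from the same source is the canary signal VulnCheck describes.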

    Kevin Beaumont, a security researcher, noted that while the bug is real, modern Linux defaults significantly reduce the likelihood of successful real-world RCE. "So, cool, sweet technical vuln – it's valid – but the RCE apocalypse ain't coming," Beaumont said. Even so, VulnCheck stated that Censys scans surfaced roughly 5.7 million internet-exposed NGINX servers running potentially vulnerable versions.

    The discovery highlights a familiar problem: how slowly many organizations apply security patches once they are available. On exploitability, Beaumont's point is that standard Linux memory protections, ASLR in particular, make it hard to turn the crash into code execution; researchers noted that only systems running without those protections could face code execution, while every unpatched server remains exposed to repeated worker crashes and forced restarts.
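As an added check that is not part of the article or of any vendor guidance, the Python script below shows how a practitioner would verify Beaumont's premise on a given host: whether ASLR actually randomizes the nginx executable. On Linux that depends on two things, the kernel setting in /proc/sys/kernel/randomize_va_space and whether the binary was linked as a position-independent executable (ELF type ET_DYN); a non-PIE binary (ET_EXEC) loads at a fixed address no matter how the sysctl is set. The default binary path /usr/sbin/nginx and the constructed ELF header used for offline testing are assumptions.

```python
"""Check whether ASLR really covers an nginx binary.

Added example (not from the article or from F5). The executable image is
randomized only when the kernel randomizes mmap (randomize_va_space 1 or 2)
AND the binary is PIE. The default path below is an assumption.
"""
import struct
from pathlib import Path

ELF_MAGIC = b"\x7fELF"
ET_EXEC, ET_DYN = 2, 3          # e_type values from the ELF specification
ASLR_LEVELS = {"0": "off", "1": "partial", "2": "full"}


def elf_type(header: bytes) -> int:
    """Return e_type from an ELF header. e_type sits at offset 16 in both
    ELF32 and ELF64, in the byte order given by e_ident[EI_DATA]."""
    if len(header) < 18 or header[:4] != ELF_MAGIC:
        raise ValueError("not an ELF header")
    endian = "<" if header[5] == 1 else ">"   # 1 = little-endian, 2 = big-endian
    return struct.unpack_from(endian + "H", header, 16)[0]


def is_pie(header: bytes) -> bool:
    """A main executable of type ET_DYN is position-independent."""
    return elf_type(header) == ET_DYN


def aslr_level(sysctl_value: str) -> str:
    """Map the randomize_va_space value to a label ('unknown' for anything else)."""
    return ASLR_LEVELS.get(sysctl_value.strip(), "unknown")


def assess(sysctl_value: str, elf_header: bytes) -> dict:
    """Combine the kernel knob and the binary's ELF type into one verdict."""
    level = aslr_level(sysctl_value)
    pie = is_pie(elf_header)
    return {
        "randomize_va_space": level,
        "pie": pie,
        # Levels 1 and 2 both randomize the mmap base, which is where a PIE
        # image and its shared libraries land; level 0 randomizes nothing.
        "executable_randomized": level in ("partial", "full") and pie,
    }


def fake_elf_header(e_type: int, little_endian: bool = True) -> bytes:
    """Constructed 18-byte ELF64 header for offline use (not a real binary)."""
    ident = ELF_MAGIC + bytes([2, 1 if little_endian else 2, 1]) + bytes(9)
    return ident + struct.pack(("<" if little_endian else ">") + "H", e_type)


def assess_host(nginx_path: str = "/usr/sbin/nginx") -> dict:
    """Run the assessment on this host (Linux only; the path is an assumption)."""
    sysctl = Path("/proc/sys/kernel/randomize_va_space").read_text()
    with open(nginx_path, "rb") as f:
        return assess(sysctl, f.read(64))


if __name__ == "__main__":
    try:
        print(assess_host())
    except OSError as e:
        print(f"could not inspect host: {e}")
        print("offline demo:", assess("2", fake_elf_header(ET_DYN)))
```

A host reporting `executable_randomized: False` is the case both researchers single out: the crash becomes a candidate for code execution, and that server belongs at the front of the patch queue.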

    Organizations are advised to act quickly: update every vulnerable NGINX server to a patched release and apply the configuration changes that mitigate the bug in the meantime.

    In conclusion, the NGINX Rift disclosure is another case of a long-lived bug being probed as soon as it becomes public. With attackers moving within days, organizations need to prioritize patching and keep exposed servers configured defensively.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/NGINX-Rift-The-Unrelenting-Pursuit-of-Vulnerability-by-Exploits-ehn.shtml

  • https://www.theregister.com/security/2026/05/18/nginx-rift-attackers-waste-no-time-targeting-exposed-servers/5241851


  • Published: Mon May 18 09:32:37 2026 by llama3.2 3B Q4_K_M

    © Ethical Hacking News . All rights reserved.
