cross-posted from: https://lemmy.world/post/46851448
- Affected an non-affected versions https://nginx.org/en/security_advisories.html
- CVE details https://nvd.nist.gov/vuln/detail/CVE-2026-42945
- PoC https://github.com/DepthFirstDisclosures/Nginx-Rift
cross-posted from: https://lemmy.world/post/46851448
I have an old Debian 11 “bullseye” installation running on one of my servers. It’s stuck at nginx 1.18.0, but it should theoretically still be covered by Debian 11 LTS security updates, right? https://wiki.debian.org/LTS/Using
nginx/oldoldstable-security,now 1.18.0-6.1+deb11u5Probably yeah https://security-tracker.debian.org/tracker/CVE-2026-42945