F5 Addresses 18-Year-Old AI-Identified ‘Rift’ Weakness in NGINX Web Server
F5 Resolves Critical AI-Identified Vulnerability in NGINX
Quick Overview
- F5 addresses a significant memory corruption issue in NGINX.
- The flaw, dubbed NGINX Rift, is cataloged as CVE-2026-42945.
- With a CVSS 4.0 rating of 9.2/10, it has the potential for remote code execution.
- Impacts NGINX Open Source 0.6.27 to 1.30.0 and NGINX Plus R32 to R36.
- Patch updates are provided to resolve the issue.
- An AI scanner from Depthfirst uncovered the vulnerability within the NGINX rewrite module.
Overview of the NGINX Rift Vulnerability
F5, the company behind NGINX, has fixed a serious vulnerability found by an AI-driven scanner. The defect, dubbed NGINX Rift, is a memory corruption flaw in the NGINX rewrite module that could enable remote code execution (RCE) under certain conditions. The discovery is a notable example of automated, AI-assisted vulnerability research surfacing a long-lived bug in widely deployed software.
Vulnerability Insights and Consequences
The NGINX Rift flaw lives in the NGINX rewrite module and is reachable through common configurations that rely on that module, such as PHP front controllers and WordPress permalink rules. Scored 9.2 on the CVSS 4.0 scale, the vulnerability is rated as a potential RCE, which would mean full compromise of the affected server process.
Technical Obstacles and Solutions
Although the flaw is a potential RCE, exploitation is made difficult by address space layout randomization (ASLR), a standard mitigation in modern operating systems. Depthfirst's proof-of-concept required ASLR to be disabled, so on a typically configured system the practical impact is mainly denial of service (DoS). ASLR raises the cost of exploitation rather than eliminating it (an attacker holding a separate memory-disclosure bug could work around it), so the DoS-only assessment is not a reason to defer patching.
Patch Access and Affected Versions
F5 has issued patches for the affected versions, NGINX Open Source 0.6.27 to 1.30.0 and NGINX Plus R32 to R36. Users are strongly advised to upgrade to a patched release: NGINX Open Source 1.30.1 (stable branch) or 1.31.0 (mainline), and NGINX Plus R32 P6, R35 P2 or R36 P4. The patched Plus builds listed here cover R32, R35 and R36 only; deployments on R33 or R34 fall inside the affected range and are not covered by any patch level named here.
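As an added example (not F5's, NGINX's or Depthfirst's code), the following Python script ties together the two practical checks from this section and the previous one: it classifies a server against the affected and patched version ranges stated in this article, and it lists where a configuration uses rewrite-module directives, since the flaw is reached through rewrite-based setups such as PHP front controllers and WordPress permalinks. The `nginx -v` banner format it parses and the sample configuration are assumptions, not taken from the page, and the directive scan is an exposure pointer only: it tells you which blocks to review, not whether a given rule is exploitable.

```python
"""Triage helper for CVE-2026-42945 (NGINX Rift). Added example, not F5's or
Depthfirst's code. Version ranges are those stated in the article; the
`nginx -v` banner format (e.g. 'nginx version: nginx/1.26.3' or
'nginx version: nginx/1.27.4 (nginx-plus-r34-p1)') is an assumption based on
typical builds. Usage: nginx -v 2>&1 | python3 rift_triage.py [nginx.conf]
"""
import re
import sys
from typing import Optional, Tuple

# Affected ranges and fixed releases as given in the advisory summary.
OSS_FIRST_AFFECTED = (0, 6, 27)
OSS_LAST_AFFECTED = (1, 30, 0)            # 1.30.1 / 1.31.0 are the first fixed releases
PLUS_AFFECTED = range(32, 37)             # R32 .. R36
PLUS_FIXED_PATCH = {32: 6, 35: 2, 36: 4}  # R33/R34: no patch level listed in the summary

# Assumed banner format; the "(nginx-plus-rNN-pM)" suffix is optional.
BANNER_RE = re.compile(
    r"nginx/(\d+)\.(\d+)\.(\d+)(?:\s*\(nginx-plus-r(\d+)(?:-p(\d+))?\))?"
)


def parse_banner(text: str) -> Optional[dict]:
    """Return {'oss': (maj, min, patch), 'plus_release': int|None, 'plus_patch': int}."""
    m = BANNER_RE.search(text)
    if not m:
        return None
    maj, mn, pt, rel, plvl = m.groups()
    return {
        "oss": (int(maj), int(mn), int(pt)),
        "plus_release": int(rel) if rel else None,
        "plus_patch": int(plvl) if plvl else 0,
    }


def classify_oss(v: Tuple[int, int, int]) -> str:
    """Tuple comparison orders versions correctly (1.30.0 < 1.30.1 < 1.31.0)."""
    if v < OSS_FIRST_AFFECTED:
        return "not in affected range (before 0.6.27)"
    if v <= OSS_LAST_AFFECTED:
        return "AFFECTED: upgrade to 1.30.1 or 1.31.0"
    return "patched (1.30.1 or later)"


def classify_plus(release: int, patch: int) -> str:
    """NGINX Plus is judged by R-release and P-level, not by the bundled OSS number."""
    if release not in PLUS_AFFECTED:
        return f"not in affected range (R{release} outside R32-R36)"
    fixed = PLUS_FIXED_PATCH.get(release)
    if fixed is None:
        return f"AFFECTED: no patch level for R{release} is listed in this summary"
    if patch >= fixed:
        return f"patched (R{release} P{patch})"
    return f"AFFECTED: upgrade to R{release} P{fixed}"


def triage(banner: str) -> str:
    """Classify one `nginx -v` banner; Plus takes precedence over the OSS number."""
    info = parse_banner(banner)
    if info is None:
        return "unrecognised `nginx -v` output"
    if info["plus_release"] is not None:
        return classify_plus(info["plus_release"], info["plus_patch"])
    return classify_oss(info["oss"])


# Directives provided by ngx_http_rewrite_module. Their presence marks where the
# module is in use; this is an exposure pointer, not a vulnerability test.
REWRITE_DIRECTIVE_RE = re.compile(r"^\s*(rewrite|if|set|return|break)\b")


def rewrite_module_lines(conf: str) -> list:
    """List (line_number, directive) for rewrite-module directives, skipping comment lines."""
    hits = []
    for n, line in enumerate(conf.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        m = REWRITE_DIRECTIVE_RE.match(line)
        if m:
            hits.append((n, m.group(1)))
    return hits


# Constructed sample config resembling a WordPress/PHP front-controller block (assumption).
SAMPLE_CONF = """server {
    listen 80;
    root /var/www/html;
    # legacy permalink rule
    if (!-e $request_filename) {
        rewrite ^ /index.php last;
    }
    location ~ \\.php$ {
        fastcgi_pass unix:/run/php-fpm.sock;
    }
}
"""

if __name__ == "__main__":
    print(triage(sys.stdin.read()))
    conf_text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONF
    for n, d in rewrite_module_lines(conf_text):
        print(f"rewrite-module directive '{d}' at line {n}")
```

Feed it `nginx -v 2>&1` (the banner is printed on stderr) and optionally a config path. The bundled open-source version number of a patched Plus build may still fall inside the open-source affected range, which is why the script judges Plus by its R-release and P-level and ignores the OSS number whenever a Plus suffix is present.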
Conclusion
In view of this critical discovery, organizations utilizing NGINX should make updating their systems a top priority. The identification of the NGINX Rift vulnerability highlights the advancing role of AI in recognizing security threats and the importance of proactive cybersecurity strategies.
Frequently asked questions
What is the NGINX Rift vulnerability?
It is a significant memory corruption flaw in the NGINX rewrite module, which could potentially lead to remote code execution.
How was the vulnerability identified?
The flaw was uncovered using an AI scanner from the security firm Depthfirst.
Which systems are impacted by this vulnerability?
Affected systems consist of NGINX Open Source versions 0.6.27 to 1.30.0 and NGINX Plus R32 to R36.
How can organizations safeguard themselves?
Organizations should upgrade to the patched versions: 1.30.1, 1.31.0, and NGINX Plus R32 P6, R35 P2, R36 P4.
Is it easy to exploit this vulnerability?
Reliable exploitation is not simple: the memory corruption is real, but ASLR on modern systems makes turning it into code execution difficult, and Depthfirst's proof-of-concept required ASLR to be disabled. Without a way around ASLR, the realistic outcome is denial of service rather than RCE.
What should organizations do if immediate patching isn't feasible?
They should identify internet-facing NGINX instances whose configuration relies on the rewrite module (the flaw is reached through setups such as PHP front controllers and WordPress permalinks), confirm that ASLR is enabled on those hosts, and apply any mitigations F5 publishes until the upgrade can be scheduled.
