Update your nginx instances
cross-posted from: https://lemmy.world/post/46851448
- Affected an non-affected versions https://nginx.org/en/security_advisories.html
- CVE record https://www.cve.org/CVERecord?id=CVE-2026-42945
- CVE details https://nvd.nist.gov/vuln/detail/CVE-2026-42945
- PoC https://github.com/DepthFirstDisclosures/Nginx-Rift
CVE - Common Vulnerabilities and Exposures system
RCE - Remote Code Execution
PoC - Proof of Concept
Yep. I wasn’t affected thankfully. Didn’t realise I was flexing, sorry. Just happy most of my stack is automated and it’s quite low maintenance at this point.
Where do I draw the line then? Serious question. If updating every couple hours is bad, then what’s safe?
for corporate services we do every 30 days. which is standard. emergency patches get direct support and resolved quickly.