Ctrl + K
/ news / CVE
CVEPublished 2026-05-13Modified 2026-05-130 articles on news6 live referencesNVD data

CVE-2026-42946

Vulnerability data via NVD (ingested)

CVSS v3.1
6.5
MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L
EPSS percentile
Weaknesses (CWE)
CWE-789Memory Allocation with Excessive Size ValueCWE-823Use of Out-of-range Pointer Offset
Description

A vulnerability exists in the ngx_http_scgi_module and ngx_http_uwsgi_module modules that may result in excessive memory allocation or an over-read of data. When scgi_pass or uwsgi_pass is configured, an unauthenticated attacker with man-in-the-middle (MITM) ability to control responses from an upstream server may be able to read the memory of the NGINX worker process or restart it.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Timeline
Published 2026-05-13
Modified 2026-05-13

External references

NVDMITREExploit-DBGitHub PoCSploitusVulnCheck

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

Shodan · vuln tag0 hosts
vuln:CVE-2026-42946
Hosts Shodan has explicitly fingerprinted as vulnerable.
More intel sources (5)
Shodan report
vuln:CVE-2026-42946
Country / ASN / product breakdown for the vuln query.
Censys
vulnerabilities.cve_id: CVE-2026-42946
Censys host search filtered to this CVE id.
grep.app
CVE-2026-42946
Public source-code mentions — fast PoC discovery.
GitHub code
CVE-2026-42946
GitHub code search for direct mentions.
Google dork
"CVE-2026-42946" exploit -site:nvd.nist.gov
Write-ups and news, NVD excluded.

Known PoCs on GitHub (8)

CVE-2026-429468 repos
DepthFirstDisclosures/Nginx-RiftPython
exploit for CVE-2026-42945
★ 841·updated 3w ago
Hamid-K/nginx-rift-private-labPython
Private Nginx Rift ASLR lab, exploit chain, and demo recordings
★ 75·updated 2w ago
DarkFunct/TK-CVE-RepoPython
TK-CVE-Repo
★ 50·updated 2d ago
lowphpcom/wnmpShell
WNMP One‑Click Stack | WebDAV · Nginx · PHP · MariaDB · Kernel Tuning
★ 25·updated 2d ago
p3Nt3st3r-sTAr/CVE-2026-42945-POCPython
★ 15·updated 3w ago
MateusVerass/nGixshellPython
nginx CVE scanner + RCE exploit framework (CVE-2026-42945 + 16 others)
★ 14·updated 3w ago
bamov970/CVE-2026-42945-Nginx-RCE-bypass-ASLRPython
CVE-2026-42945 turns a 17-year-old NGINX rewrite bug into remote code execution — even with ASLR on, by chaining the heap overflow with live worker memory read through a common fil…
★ 4·updated 2w ago
jelasin/CVE-2026-42945Python
★ 3·updated 3w ago
We haven't classified any articles referencing CVE-2026-42946 yet. The external references above still apply.