A critical remote code execution vulnerability dubbed 'NGINX Rift' has been discovered in NGINX's rewrite scripting engine, where it has existed for over 18 years. The bug is a heap buffer overflow caused by incorrect state handling of question marks in rewrite replacement strings, leading to an undersized allocation followed by an out-of-bounds write. Exploitation for RCE requires a specific NGINX rewrite configuration (common in PHP apps) and disabled ASLR, making full RCE difficult in practice. However, denial-of-service attacks are viable even with memory protections enabled, as crashing worker processes forces repeated restarts. The vulnerability was discovered by an AI-powered autonomous scanner in just 6 hours, alongside three other bugs. Users should update to NGINX 1.27.4 / 1.26.3 or later. The post warns against dismissing the threat, noting that AI tools are accelerating vulnerability discovery and tightening disclosure windows.
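The denial-of-service case above shows up on the defender's side as a run of abnormal worker exits in the NGINX error log. The following is an added example, not code from the post or from NGINX: it flags bursts of `worker process ... exited on signal` alerts. The threshold, window, function name and sample log lines are assumptions constructed for illustration.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# The nginx master process logs abnormal worker exits at [alert] level.
EXIT_RE = re.compile(
    r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[alert\] \d+#\d+: "
    r"worker process (\d+) exited on signal (\d+)"
)
CRASH_SIGNALS = {6, 7, 11}  # SIGABRT, SIGBUS, SIGSEGV (Linux numbering)

# Constructed sample log, not taken from a real incident.
SAMPLE_LOG = """\
2025/01/10 09:00:01 [notice] 100#100: signal 17 (SIGCHLD) received from 201
2025/01/10 09:00:01 [alert] 100#100: worker process 201 exited on signal 11 (core dumped)
2025/01/10 09:00:09 [alert] 100#100: worker process 207 exited on signal 11
2025/01/10 09:00:15 [alert] 100#100: worker process 212 exited on signal 11
2025/01/10 09:00:20 [alert] 100#100: worker process 219 exited on signal 11
2025/01/10 09:30:00 [alert] 100#100: worker process 230 exited on signal 9
2025/01/10 10:15:00 [alert] 100#100: worker process 244 exited on signal 11
""".splitlines()

def find_crash_bursts(lines, threshold=3, window=timedelta(seconds=60)):
    """Return (first_crash, trigger_crash, count) once per burst of crashes."""
    recent = deque()   # timestamps of crashes still inside the window
    alerts = []
    armed = True       # fire once per burst, re-arm when the rate drops
    for line in lines:
        m = EXIT_RE.match(line)
        if not m or int(m.group(3)) not in CRASH_SIGNALS:
            continue   # ignore other messages and deliberate kills (e.g. signal 9)
        ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
        recent.append(ts)
        while ts - recent[0] > window:
            recent.popleft()
        if len(recent) < threshold:
            armed = True
        elif armed:
            alerts.append((recent[0], ts, len(recent)))
            armed = False
    return alerts

if __name__ == "__main__":
    for start, end, count in find_crash_bursts(SAMPLE_LOG):
        print(f"crash burst: {count} worker crashes between {start} and {end}")
```

A single isolated crash does not trigger the alert; only repeated crashes inside the window do, which matches the repeated-restart pattern the summary describes.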
