An 18-year-old flaw in the NGINX open-source web server, discovered using an autonomous scanning system, can be exploited for denial of service and, under certain conditions, remote code execution.
The vulnerability is tracked as CVE-2026-42945 and received a critical severity rating of 9.2, based on the latest version of the Common Vulnerability Scoring System (CVSS).
Three more memory corruption security issues were discovered in the same six-hour code scanning session by researchers at AI-native security company DepthFirst AI.
Webmaster’s note: “six-hour code scanning session” kill yourself. seriously jump onto interstate. this is what cybersecurity is going to be now. hey grok, hack PHP. make no mistakes. if i knew this is what AI was going to be used for i would’ve searched up sam altman’s address many moons ago