InfoSecBulletin Cybersecurity for mankind
A security flaw dubbed nginx-poolslip has been revealed in NGINX version 1.31.0, the newest stable version of the most used web server software. The discovery, made by security researcher Vega of the NebSec security team, was announced via X (formerly Twitter) on May 21, 2026, sending shockwaves through the global security community.
LastPass says hackers stole customer data via Klue, supply chain breach
New Apple Exploit Bypasses Boot Defenses, Possibly Affects Millions of iPhones Worldwide
India’s Tata Electronics hit by cyber breach: Hacker target 630 GB record
Anthropic’s Mythos reportedly broke NSA classified systems in hours
OpenAI New Method “Deployment Simulation” Predicts AI Risks Before Deployment
AryStinger botnet infected thousands of D-Link routers globally
Hacker suspected of sending alerts across Brazil
CyberSentinel AI features 33 security tools like Nmap, SQLMap, and ZAP, utilizing Claude and GPT
Barracuda hosts Dhaka roundtable on cyber resilience
CISA Alerts Fortinet Users as FortiBleed Affects 86,644 FortiGate Devices
Just weeks ago, managers all over the world rushed to fix CVE-2026-42945. This is a serious flaw in NGINX’s ngx_http_rewrite_module with a CVSS v4 score of 9.2.
The flaw put about 5.7 million internet-facing NGINX servers at risk of denial-of-service attacks and conditional RCE. F5 fixed it in NGINX Open Source versions 1.31.0 and 1.30.1, which is the version that nginx-poolslip is aiming for.
New NGINX 0-Day “nginx-poolslip”
nginx-poolslip takes advantage of a mistake in how NGINX manages its memory. This lets attackers who are not logged in run code from a distance and might take over the whole system.
This flaw allows users to get around Address Space Layout Randomization (ASLR), which is a basic memory protection in the operating system meant to stop this type of memory corruption.
The attack surface traces back to an nginx-rift predecessor vulnerability, which affected earlier NGINX versions and was subsequently patched. NebSec’s research shows that the fix for nginx-rift did not solve the main memory pool issue. This means that nginx-poolslip could still appear in the new code.
NGINX runs around 30–40% of all web servers in the world. It is used for busy websites, reverse proxies, load balancers, and API gateways. nginx-poolslip only affects version 1.31.0, so admins quickly deployed the patch. After CVE-2026-42945, organizations that were careful might now face a new, unpatched risk.
CSN says there is no CVE ID given, and there is no official fix from F5/NGINX yet. NebSec will keep the full technical details secret for 30 days. This includes how to bypass ASLR until an official fix comes out.
Mitigations
Until an official patch is released, administrators should take the following interim measures:
Monitor NebSec and F5 security advisories closely for patch availability
Restrict public exposure of NGINX admin interfaces and deploy WAF rules to reduce the attack surface
Ensure ASLR is enforced system-wide by setting /proc/sys/kernel/randomize_va_space to 2Audit NGINX configurations for rewrite, if, and set directives using unnamed PCRE capture groups — a known precondition for pool-level memory corruption
Evaluate memory-safe alternatives such as Cloudflare Pingora for mission-critical infrastructure
Organizations are strongly advised to sign up for F5’s security updates and get ready for emergency patching as a quick fix is expected soon.
