{"data":{"id":"9a855c4b-9af8-4b8d-9b6c-d3a8edfd8a76","title":"AI agent finds 18-year-old remote code execution flaw in Nginx","summary":"Researchers using an AI model discovered a critical 18-year-old heap buffer overflow (a type of memory corruption bug where data overwrites adjacent memory) in Nginx (a web server that powers about one-third of all websites). The vulnerability, tracked as CVE-2026-42945 with a 9.2 severity score, can crash servers or potentially allow attackers to run malicious code, especially on systems with ASLR (Address Space Layout Randomization, a security feature that randomizes memory locations) disabled.","solution":"Upgrade to patched versions: Nginx 1.31.0 or 1.30.1 for the open-source version, or Nginx Plus versions R36 P4, R32 P6, or 37.0.0 for the commercial product. The source notes that users should 'upgrade to a patched version as soon as possible' since exploit code has been published publicly and past Nginx vulnerabilities have been actively exploited by attackers.","labels":["security","research"],"sourceUrl":"https://www.csoonline.com/article/4171437/ai-agent-finds-18-year-old-remote-code-execution-flaw-in-nginx.html","publishedAt":"2026-05-14T23:06:50.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":[],"issueType":"news","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["DepthFirst AI","F5","Nginx"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-05-14T23:06:50.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":null,"llmSpecific":false,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":null}}