CVE-2026-42945, dubbed 'NGINX Rift', is a critical heap buffer overflow vulnerability in the NGINX HTTP rewrite module (ngxhttprewrite_module). It allows unauthenticated attackers to cause a Denial of Service (DoS) or potentially achieve Remote Code Execution (RCE) by sending crafted HTTP requests to servers configured with specific rewrite directives containing unnamed PCRE captures and a question mark.