Oznámení
- Pátek, 15čt Květen, 2026
- 01:47jsem
There is currently a critical security event affecting NGINX known as "NGINX Rift" (CVE-2026-42945), which allows for remote code execution (RCE) and denial of service (DoS). [1, 2]
If you are facing a technical issue with NGINX, here is a summary of recent major bugs and troubleshooting steps:
1. Critical Security Vulnerabilities (May 2026)
- CVE-2026-42945 (NGINX Rift): A heap buffer overflow in the
ngx_http_rewrite_modulethat has existed for 18 years. - CVE-2026-33032 (MCPwn): A critical authentication bypass in nginx-ui (web-based management tool) currently being actively exploited to take over servers.
- Action Required: Upgrade to NGINX Open Source 1.30.1 or 1.31.0 immediately. [1, 2, 3, 4, 5]
2. Common Operational Issues
If your NGINX service isn't working as expected, check these common areas:
- Syntax Errors: Run
sudo nginx -tto check for typos in your configuration files. - 502 Bad Gateway: Usually means the backend service (like PHP-FPM or a Node.js app) is down or unresponsive.
- Permission Denied: Ensure the NGINX user has read/execute permissions for your web files and write permissions for log directories.
- Log Locations: Check
/var/log/nginx/error.logfor specific error messages that explain why a reload or startup failed. [1, 2, 3, 4, 5]
3. Platform-Specific Issues
- Ingress NGINX (Kubernetes): Maintenance for this project is scheduled to cease in March 2026, and users are encouraged to migrate to other solutions.
- Nginx Proxy Manager: Version 2.14.0 has reported issues with network stack instability on Ubuntu 24 LTS; reverting to 2.13.7 may resolve connectivity problems. [1, 2, 3, 4]
For a more specific solution, please provide the exact error message or behavior you are seeing.