NGINX rift: We autonomously discovered this 18 yr old heap overflow (CVE-2026-42945) in @nginx impacting version 0.6.27 to 1.30.0. If you use rewrite and set directive, you maybe impacted! Please update your NGINX or change the config to mitigate it. Read more at

Introducing nginx-poolslip, a fresh RCE for the the latest nginx release 1.31.0. nginx-rift has been patched, but our security agent Vega has found a new 0 day. We will release the full technical writeup with ASLR bypass 30 days after the patch on

Regarding HTTP is hard to parse - but it's not that hard. Maybe this is little known, but one of the critical pieces that allowed Node to succeed was a little http 1.1 parser I wrote painstakingly by hand (with heavy inspo from Mongrel and NGINX). I am still quite proud of it. You can see the first version here: But HTTP parsing is a solved problem now. Even if your language didn't have an HTTP parser - which is very unlikely - you could vibe it up quickly. We really don't need to re-serialize it to FastCGI.