OBLAIDISH NEWS
Nginx rift exploit disclosed, affects versions before 1.23.2


The Nginx-Rift exploit, published on GitHub by DepthFirstDisclosures, enables unauthenticated remote code execution on Nginx servers running versions before 1.23.2 [GitHub Blog].

DepthFirstDisclosures has publicly released the Nginx-Rift exploit on GitHub, giving attackers working code for remote code execution against unpatched Nginx servers [GitHub Blog]. Every Nginx release before 1.23.2 is affected; 1.23.2 is the first release that contains the fix.

Nginx-Rift exploits a critical logic flaw in how the server handles specially crafted HTTP/2 requests, allowing an attacker to execute arbitrary code with the privileges of the Nginx process. No authentication is required and the trigger is an ordinary network request to a listener with HTTP/2 enabled, which makes it a high-severity threat for any exposed server on an affected version [GitHub Blog]. In a default installation the request is parsed by a worker process running as an unprivileged user (www-data or nginx), so the initial foothold is limited to that account; the impact is correspondingly greater where workers have been configured to run as root.

With the exploit code publicly accessible, the barrier to attacking vulnerable systems is low. Debian 11 and Ubuntu 22.04 LTS deployments running the default Nginx packages (both ship nginx 1.18.0, well before 1.23.2) are confirmed at risk, and other distributions shipping pre-1.23.2 packages should be treated as affected until verified. Cloud providers including AWS and Google Cloud have issued alerts urging immediate patching.

Organizations running Nginx in production must upgrade to 1.23.2 or later. The only interim mitigations are disabling HTTP/2 (removing the http2 parameter from each listen directive) or blocking the traffic at the firewall, and both degrade service. The fix has been backported to select long-term support distributions, but coverage is inconsistent; because a backported package keeps its original upstream version number, the output of nginx -v alone does not prove that a distribution package is patched, and the distribution's security advisory or package changelog must be checked as well.
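As an added triage example that is not part of the article and not code from DepthFirstDisclosures or the nginx project: the POSIX shell script below parses the nginx -v banner, compares the version numerically against the fixed release 1.23.2 named above, counts listen directives that still carry the http2 parameter, and emits a copy of a config with that parameter removed (the interim mitigation the article describes). The sample banner and sample config are constructed for the demo, and the function names are this example's own. The caveat from the paragraph above applies: a backported distribution package can report an older version string, so "vulnerable" from this script means "verify against the vendor advisory", not "confirmed exploitable".

```shell
#!/bin/sh
# Added example: first-pass Nginx-Rift triage. Not from the exploit repository
# or the nginx project. Assumes the fixed release is 1.23.2 (per the article)
# and that, on affected versions, HTTP/2 is enabled per-listen with the
# "http2" parameter. Sample inputs below are constructed for the demo.
set -eu

FIXED_VERSION="1.23.2"

# version_lt A B -> exit 0 if dotted version A is strictly less than B.
# Compares component by component as integers, so 1.9.0 < 1.23.2 (a plain
# string comparison would get that wrong).
version_lt() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai="${a%%.*}"; bi="${b%%.*}"
        ai="${ai:-0}"; bi="${bi:-0}"
        [ "$ai" -lt "$bi" ] && return 0
        [ "$ai" -gt "$bi" ] && return 1
        case "$a" in *.*) a="${a#*.}";; *) a="";; esac
        case "$b" in *.*) b="${b#*.}";; *) b="";; esac
    done
    return 1
}

# nginx_version_from_banner "nginx version: nginx/1.18.0 (Ubuntu)" -> "1.18.0"
# "nginx -v" writes this banner to stderr, so callers capture it with 2>&1.
nginx_version_from_banner() {
    printf '%s\n' "$1" | sed -n 's/^nginx version: nginx\/\([0-9][0-9.]*\).*/\1/p'
}

# nginx_needs_patch BANNER -> prints "vulnerable", "patched" or "unknown".
# "vulnerable" is based on the upstream version number only; a distribution
# backport keeps the old number, so confirm against the vendor advisory.
nginx_needs_patch() {
    v=$(nginx_version_from_banner "$1")
    if [ -z "$v" ]; then
        echo "unknown"
    elif version_lt "$v" "$FIXED_VERSION"; then
        echo "vulnerable"
    else
        echo "patched"
    fi
}

# http2_listen_count FILE -> number of active "listen ... http2" directives.
# Commented-out lines are skipped because the line must start with "listen".
http2_listen_count() {
    grep -cE '^[[:space:]]*listen[^;]*[[:space:]]http2([[:space:];]|$)' "$1" || true
}

# strip_http2 FILE -> writes FILE to stdout with the http2 parameter removed
# from every listen directive (the interim mitigation: HTTP/1.1 only).
strip_http2() {
    sed -E 's/^([[:space:]]*listen[^;]*)[[:space:]]http2([[:space:];])/\1\2/' "$1"
}

# write_demo_conf PATH -> constructed sample server block, not a real deployment.
write_demo_conf() {
    cat > "$1" <<'EOF'
# constructed sample config for the demo
server {
    listen 80;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    # listen 8443 ssl http2;   (commented out: must not be counted)
    server_name example.test;
}
EOF
}

# Demo run. With a real server use: BANNER=$(nginx -v 2>&1)
BANNER="nginx version: nginx/1.18.0 (Ubuntu)"   # constructed sample banner
if command -v nginx >/dev/null 2>&1; then BANNER=$(nginx -v 2>&1); fi
echo "banner: $BANNER -> $(nginx_needs_patch "$BANNER")"

DEMO_CONF=$(mktemp)
write_demo_conf "$DEMO_CONF"
echo "listen directives with http2 before mitigation: $(http2_listen_count "$DEMO_CONF")"
MITIGATED_CONF=$(mktemp)
strip_http2 "$DEMO_CONF" > "$MITIGATED_CONF"
echo "listen directives with http2 after mitigation:  $(http2_listen_count "$MITIGATED_CONF")"
rm -f "$DEMO_CONF" "$MITIGATED_CONF"
```

Run it on a host with `sh nginx_rift_triage.sh`; to check a real config, point http2_listen_count and strip_http2 at the server's nginx.conf and included files, review the stripped output, and reload only after `nginx -t` passes on it. The script is deliberately read-only: it never edits the live configuration.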

This disclosure continues a trend of high-impact infrastructure exploits emerging from independent researchers who bypass coordinated disclosure channels. Unlike a coordinated CVE release, a public drop has no predictable date, forcing teams into reactive patching cycles.
