Nebula Security — Vega AI Discovers nginx-poolslip Zero-Day RCE in Patched nginx 1.31.0

AI relevance: nginx is the dominant reverse proxy and model-serving gateway for AI infrastructure (LLM APIs, vLLM, Open WebUI), and an autonomous AI security agent has now found a second unpatched RCE in the version that was patched just days earlier — demonstrating that AI-driven vuln discovery is already outpacing human remediation cycles.

What happened

  • nginx-poolslip is a new remote code execution zero-day affecting nginx 1.31.0 — the very release shipped May 13, 2026 to patch the earlier CVE-2026-42945 (NGINX Rift) buffer-overflow vulnerability.
  • Discovered and publicly disclosed on May 20, 2026 by Nebula Security (NebSec), which attributes the find to Vega, its autonomous AI security research agent.
  • The vulnerability targets the same ngx_pool_t internal memory management structure as Rift, but uses a different trigger path not covered by the May 13 patch.
  • Nebula's disclosure includes a full technical writeup with an ASLR bypass, released under a Project Zero-style 30-day deadline that begins once the next upstream patch ships.
  • The disclosure was immediately amplified by The Hacker News, Artem Russakovskii (Android Police), and multiple security researchers.
  • This is the second AI-discovered nginx zero-day in eight days — following the Rift discovery (CVE-2026-42945) found by the depthfirst team's LLM agent.
  • Administrators who updated to 1.31.0 to close Rift are now vulnerable again with no official fix available.

Why it matters

  • AI model-serving stacks (vLLM, LiteLLM, Open WebUI, OpenClaw gateway proxies) overwhelmingly use nginx as the TLS termination and routing layer. Any RCE at that level compromises all upstream models and APIs.
  • Two consecutive AI-discovered zero-days in the same product in eight days signal that autonomous vuln research is no longer experimental — it's production-grade and accelerating.
  • The AI discovery cadence (days) now exceeds the vendor patch cadence (weeks), creating a widening window of unpatched exposure.
  • The "whack-a-mole" patching pattern — fixing one trigger path while others remain — suggests deeper architectural review is needed for the nginx rewrite/SSLP module memory handling.

What to do

  • Do not rely on 1.31.0 alone — it is now confirmed vulnerable to a second RCE chain.
  • Layer nginx behind a WAF with request-body inspection and anomaly detection for unusual URI patterns targeting pool-allocation paths.
  • Consider deploying eBPF-based runtime monitoring (Falco, Tetragon) to detect anomalous system() calls from nginx worker processes.
  • Run nginx workers under strict seccomp/AppArmor profiles that block outbound network and shell execution.
  • Watch the Nebula Security Twitter account (@nebusecurity) and the nginx mailing list for patch ETA.
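A concrete form of the Falco-based runtime check recommended above, as an added example that is not from Nebula Security's disclosure or from the Falco project's default ruleset. It assumes the nginx binary keeps its default process name (nginx); a libc system() call surfaces at syscall level as an execve of a shell, which is what the first rule catches.

```yaml
# Standalone Falco rules file (added example, not nginx or Falco project code).
# Assumption: nginx master and workers run under the default process name "nginx".

- list: nginx_shell_binaries
  items: [sh, bash, dash, ash, zsh, ksh, csh, tcsh, busybox]

- list: nginx_expected_children
  # Workers never exec anything; the master re-execs the nginx binary on
  # binary upgrade (SIGUSR2), so "nginx" is the only legitimate child.
  items: [nginx]

- macro: nginx_process_spawned
  # execve/execveat returning in a process whose parent is an nginx process
  condition: evt.type in (execve, execveat) and evt.dir = < and proc.pname = nginx

- rule: Shell spawned by nginx process
  desc: >
    An nginx process executed a shell. libc system() runs /bin/sh -c, so a
    successful RCE in a worker typically produces exactly this event.
  condition: nginx_process_spawned and proc.name in (nginx_shell_binaries)
  output: >
    Shell spawned by nginx process (user=%user.name parent=%proc.pname
    cmdline=%proc.cmdline pcmdline=%proc.pcmdline container=%container.id)
  priority: CRITICAL
  tags: [nginx, rce, process]

- rule: Unexpected child process of nginx
  desc: nginx execs nothing but its own binary; any other child is suspicious.
  condition: >
    nginx_process_spawned
    and not proc.name in (nginx_expected_children, nginx_shell_binaries)
  output: >
    Unexpected process spawned by nginx (user=%user.name proc=%proc.name
    cmdline=%proc.cmdline pcmdline=%proc.pcmdline container=%container.id)
  priority: WARNING
  tags: [nginx, rce, process]
```

Load it with `falco -r <file>` alongside the default rules; the second rule is intentionally broad and should be tuned (for example, allowlisting a log-rotation helper) before it is promoted above WARNING.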

Sources