Nginx UI < 2.3.3 - Information Disclosure

Nginx UI 2.3.3 contains an information disclosure vulnerability caused by unauthenticated access to /api/backup endpoint exposing encryption keys in X-Backup-Security header, letting unauthenticated attackers download and decrypt full system backups. id: CVE-2026-27944 info: name: Nginx UI 2.3.3 ...

SOPlanning Cross-Site Scripting Vulnerabilities

SOPlanning is a set of online project management software developed by SOPlanning Company. Versions of SOPlanning 1.55 and earlier had a cross-site scripting vulnerability. This vulnerability stemmed from the /process/uploadbackup endpoint, which was vulnerable to storage-based cross-site scripti...

CVE-2018-25349 userSpice 4.3.24 Cross-Site Scripting via X-Forwarded-For Header

userSpice 4.3.24 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the X-Forwarded-For HTTP header. Attackers can send crafted requests to the backup.php endpoint with XSS payloads in the X-Forwarded-For header that execute when administrators...

Nginx-UI is Vulnerable to Unauthenticated Remote Code Execution via Backup Restore

nginx-ui exposes a backup restore endpoint POST /api/restore that is completely unauthenticated during the first 10 minutes after process startup on any fresh installation. An unauthenticated remote attacker can upload a crafted backup archive that overwrites the application's configuration file...

SUSE CVE-2026-27944

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.3, the /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to...

VulnCheck KEV: CVE-2026-27944

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.3, the /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to...

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection in the exec.Command function via the compressionalgorithm parameter in API calls to the image and backup endpoints. An attacker can execute arbitrary commands as the LXD daemon by sending specially crafted...

CVE-2026-28384

An improper sanitization of the compressionalgorithm parameter in Canonical LXD allows an authenticated, unprivileged user to execute commands as the LXD daemon on the LXD server via API calls to the image and backup endpoints. This issue affected LXD from 4.12 through 6.6 and was fixed in the sn...

CVE-2026-28384 Authenticated RCE via unsanitized compression_algorithm

An improper sanitization of the compressionalgorithm parameter in Canonical LXD allows an authenticated, unprivileged user to execute commands as the LXD daemon on the LXD server via API calls to the image and backup endpoints. This issue affected LXD from 4.12 through 6.6 and was fixed in the sn...

EUVD-2026-11585

An improper sanitization of the compressionalgorithm parameter in Canonical LXD allows an authenticated, unprivileged user to execute commands as the LXD daemon on the LXD server via API calls to the image and backup endpoints. This issue affected LXD from 4.12 through 6.6 and was fixed in the sn...

CVE-2026-28384

CVE-2026-28384 : Canonical LXD contains an improper sanitization of the compression_algorithm parameter, allowing an authenticated, unprivileged user to execute commands as the LXD daemon on the LXD server via API calls to the image and backup endpoints. Affected: LXD releases 4.12–6.6. Mitigatio...

📄 Nginx UI 2.3.3 Unauthenticated Backup Disclosure / Decryption

This Python proof‑of‑concept demonstrates an unauthenticated information disclosure vulnerability in Nginx UI tracked as CVE-2026-27944. The vulnerability allows a remote attacker to access the /api/backup endpoint without authentication and retrieve a backup archive of the server configuration...

📄 Nginx UI 2.3.3 Backup Decryption Mass Scanner

This Python tool is a multi‑threaded scanner and exploitation utility designed to identify and validate the vulnerability CVE-2026-27944 affecting Nginx UI versions 2.3.2 and below. The script supports scanning single hosts, CIDR ranges, or target lists, and checks multiple common web service...

Exploit for CVE-2026-27944

Nginx UI Discovery Scanner - CVE-2026-27944 Version Detector ht...

EUVD-2025-208371

An unauthenticated attacker can abuse the weak hash of the backup generated by the wwwdnload.cgi endpoint to gain unauthorized access to sensitive data, including password hashes and certificates...

EUVD-2025-208370

An unauthenticated attacker can abuse the weak hash of the backup generated by the wwwdnload.cgi endpoint to gain unauthorized access to sensitive data, including password hashes and certificates...

CVE-2025-41762

An unauthenticated attacker can abuse the weak hash of the backup generated by the wwwdnload.cgi endpoint to gain unauthorized access to sensitive data, including password hashes and certificates...

CVE-2026-27944

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.3, the /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to...

CVE-2026-27944

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.3, the /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to...

EUVD-2026-9847

Nginx-UI Vulnerable to Unauthenticated Backup Download with Encryption Key Disclosure...