2 matches found
CVE-2026-50892
Incorrect access control in the "Let's Encrypt" certificate download endpoint of Nginx Proxy Manager v2.14.0 allows authenticated attackers to obtain the TLS private key material via a crafted GET request...
The vulnerability of the `requestLetsEncryptSsl` function in the NGINX Proxy Manager’s proxy server allows a hacker to execute arbitrary code.
The vulnerability of the requestLetsEncryptSsl function in the NGINX Proxy Manager’s proxy management module is related to the lack of measures taken to sanitize data at the control level. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by adding a specially craft...