
15 matches found

Vulnrichment
added 2026/05/12 8:49 p.m., 6 views

CVE-2026-44015 Nginx UI: Server-Side Request Forgery (SSRF) via Cluster Proxy Middleware Allows Access to Internal Services

Nginx UI is a web user interface for the Nginx web server. In 2.3.4 and earlier, an authenticated user can perform Server-Side Request Forgery (SSRF) by creating a cluster node pointing to an arbitrary internal URL and then sending API requests with the X-Node-ID header. The Proxy middleware forwar...

CVSS 8.5, AI score 5.9, EPSS 0.00318
Exploits: 1, References: 1
Github Security Blog
added 2026/05/06 5:03 p.m., 5 views

Nginx-UI is Vulnerable to Unauthenticated Remote Code Execution via Backup Restore

Product: nginx-ui. Repository: 0xJacky/nginx-ui (branch: dev). Vulnerability Class: Authentication Bypass → Arbitrary File Write → OS Command Injection. Affected Component: POST /api/restore. 1. Vulnerability Summary: nginx-ui exposes a backup restore endpoint POST /api/restore that is completely...

CVSS 9.8, AI score 6.1, EPSS 0.00764
Exploits: 1, References: 4, Affected Software: 1
CVE
added 2026/05/04 8:13 p.m., 41 views

CVE-2026-42238

Nginx UI (nginx-ui) prior to version 2.3.8 exposes an unauthenticated backup restore endpoint (POST /api/restore) during the first 10 minutes after startup. An unauthenticated remote attacker can upload a crafted backup archive that overwrites app.ini and the SQLite database, allowing injection o...

CVSS 9.8, AI score 5.9, EPSS 0.00764
Exploits: 1, References: 2, Affected Software: 1
Cvelist
added 2026/05/04 8:08 p.m., 34 views

CVE-2026-42220 nginx-ui: Authenticated settings disclosure exposes node.secret and enables trusted-node authentication abuse, backup exfiltration, and restore-based nginx-ui state rollback

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, an authenticated user can call GET /api/settings and retrieve sensitive configuration values, including node.secret. The same node.secret is accepted by AuthRequired through the X-Node-Secret header or nodesecret...

CVSS 6.5, EPSS 0.00299
Exploits: 1, References: 2
Snyk
added 2026/04/20 10:16 p.m., 1 view

Access Control Bypass

Overview: Affected versions of this package are vulnerable to Access Control Bypass through the authentication process. An attacker can maintain unauthorized access to protected resources and perform actions such as reading, modifying, or creating new accounts by using previously issued bearer...

CVSS 8.6, AI score 5.3, EPSS 0.00274
Exploits: 1, References: 2
NVD
added 2026/04/20 9:16 p.m., 6 views

CVE-2026-33031

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, a user who was disabled by an administrator can use previously issued API tokens for up to the token lifetime. In practice, disabling a compromised account does not actually terminate that user’s access, so an...

CVSS 8.6, EPSS 0.00274
Exploits: 1, References: 1
CVE
added 2026/04/20 8:12 p.m., 17 views

CVE-2026-33031

The CVE concerns Nginx UI prior to version 2.3.4. A user disabled by an administrator can continue using previously issued API tokens for up to the token lifetime, allowing continued access to read and modify protected resources after being disabled. Tokens can create new accounts, so the disabled us...

CVSS 8.6, AI score 5.7, EPSS 0.00274
Exploits: 1, References: 1, Affected Software: 1
CNNVD
added 2026/04/20 12:00 a.m., 5 views

Nginx UI security vulnerability

Nginx UI is a web interface for Nginx developed by Jacky. Versions of Nginx UI prior to 2.3.5 contained security vulnerabilities. These vulnerabilities stemmed from WebSocket endpoints that did not validate sources and an insecure storage of authentication tokens, which could lead to cross-site...

CVSS 8.1, AI score 5.7, EPSS 0.00176
Exploits: 1, References: 1
Vulnrichment
added 2026/03/30 5:58 p.m., 3 views

CVE-2026-33030 Nginx UI: Unencrypted Storage of DNS API Tokens and ACME Private Keys

Nginx UI is a web user interface for the Nginx web server. In versions 2.3.3 and prior, Nginx-UI contains an Insecure Direct Object Reference (IDOR) vulnerability that allows any authenticated user to access, modify, and delete resources belonging to other users. The application's base Model struct...

CVSS 8.8, AI score 5.9, EPSS 0.0028
Exploits: 1, References: 1
CVE
added 2026/03/30 5:58 p.m., 19 views

CVE-2026-33030

CVE-2026-33030 affects nginx-ui up to version 2.3.3. An Insecure Direct Object Reference (IDOR) vulnerability allows any authenticated user to access, modify, or delete resources owned by other users due to lack of user ownership checks in the base model and endpoints. Some sources (GHSA/OSV) add...

CVSS 9.9, AI score 5.9, EPSS 0.0028
Exploits: 1, References: 1, Affected Software: 1
CNNVD
added 2026/03/30 12:00 a.m., 3 views

Nginx UI race condition vulnerability

Nginx UI is a web interface for Nginx developed by Jacky. Versions of Nginx UI prior to 2.3.4 contained a race condition vulnerability. This vulnerability arises due to race conditions; the lack of synchronization mechanisms and non-atomic file writes can lead to corrupted main configuration file...

CVSS 7.5, AI score 6.1, EPSS 0.00534
Exploits: 1, References: 3
GitLab Advisory Database
added 2026/03/30 12:00 a.m., 13 views

nginx-ui's Unauthenticated MCP Endpoint Allows Remote Nginx Takeover

The nginx-ui MCP (Model Context Protocol) integration exposes two HTTP endpoints: /mcp and /mcpmessage. While /mcp requires both IP whitelisting and authentication (AuthRequired middleware), the /mcpmessage endpoint only applies IP whitelisting, and the default IP whitelist is empty, which the...

CVSS 9.8, AI score 6, EPSS 0.38477
Exploits: 4, References: 6, Affected Software: 1
Positive Technologies
added 2026/03/30 12:00 a.m., 2 views

PT-2026-29091

Nginx-UI. Affected Versions: Nginx-UI versions 2.3.3 and prior. Description: Nginx-UI contains an Insecure Direct Object Reference (IDOR) vulnerability that allows any authenticated user to access, modify, and delete resources belonging to other users. The application's base Model struct lacks a us...

CVSS 9.9, AI score 5.9, EPSS 0.60368
Exploits: 18, References: 49
GithubExploit
added 2026/03/10 11:23 a.m., 226 views

Exploit for CVE-2026-27944

CVE-2026-27944 - Nginx-UI Unauthenticated Backup Download !...

CVSS 9.8, AI score 5.8, EPSS 0.22162
Exploits: 12
BDU FSTEC
added 2024/01/31 12:00 a.m., 4 views

The vulnerability of the Import Certificate function in the Nginx UI server’s user interface allows a perpetrator to gain access to read, modify, and delete data, as well as execute arbitrary code.

The vulnerability of the Import Certificate function in the Nginx UI server’s user interface is related to incorrect restrictions on the path names for sslcertificatepath, sslcertificatekeypath, sslcertificate, and sslcertificatekey, which have limited access. Exploiting this vulnerability could...

CVSS 10, AI score 8.1, EPSS 0.00699
Exploits: 0, References: 3, Affected Software: 1