MiracleLinux 9 : nginx:1.24 (AXSA:2026-260:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-260:01 advisory. nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections CVE-2026-1642 Tenable has extracted the preceding description block...

CVE-2026-27944

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.3, the /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to...

EUVD-2026-9847

Nginx-UI Vulnerable to Unauthenticated Backup Download with Encryption Key Disclosure...

Nginx-UI Vulnerable to Unauthenticated Backup Download with Encryption Key Disclosure

Summary The /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to download a full system backup containing sensitive data user credentials,...

BlackPearl-Full-Stack-Enumeration-Privilege-Escalation-Case-Study

BlackPearl – Proof of Concept Walkthrough Objective This...

CVE-2026-27944 Nginx UI: Unauthenticated Backup Download with Encryption Key Disclosure

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.3, the /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to...

CVE-2026-27944 Nginx UI: Unauthenticated Backup Download with Encryption Key Disclosure

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.3, the /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to...

CVE-2026-27944

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.3, the /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to...

CVE-2026-27944

CVE-2026-27944 affects Nginx UI prior to 2.3.3, where the /api/backup endpoint is accessible without authentication. The response header X-Backup-Security leaks the AES decryption key/IV, enabling an unauthenticated attacker to download a full system backup (including credentials, tokens, SSL key...

nginx:1.24 security update

An update is available for module.nginx, nginx. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list nginx is a web and proxy server supporting HTTP and other...

AlmaLinux 9 : nginx:1.24 (ALSA-2026:3638)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:3638 advisory. nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections CVE-2026-1642 Tenable has extracted the preceding description block directly...

Oracle Linux 9 : nginx:1.24 (ELSA-2026-3638)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-3638 advisory. - Resolves: RHEL-146526 - nginx:1.24/nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections CVE-2026-1642 - Resolves: RHEL-84480 -...

RHEL 9 : nginx:1.24 (RHSA-2026:3638)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:3638 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security...

Nginx-UI Vulnerable to Unauthenticated Backup Download with Encryption Key Disclosure

The /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to download a full system backup containing sensitive data user credentials, session...

PT-2026-23481

Name of the Vulnerable Software and Affected Versions Nginx UI versions prior to 2.3.3 Description Nginx UI is a web user interface for the Nginx web server. A critical flaw exists where the '/api/backup' endpoint is accessible without authentication. When this endpoint is accessed, the server...

Nginx UI 安全漏洞

Nginx UI is a web interface for Nginx developed by Jacky. Versions of Nginx UI prior to 2.3.3 contained security vulnerabilities. These vulnerabilities stemmed from the /api/backup endpoint, which allowed access without authentication, thereby exposing encrypted keys. This could enable unverified...

RHSA-2026:3638 Red Hat Security Advisory: nginx:1.24 security update

Bulletin has no description...

CVE-2025-23419 vulnerabilities

Vulnerabilities for packages: ingress-nginx-controller...

GHSA-84XH-PWC6-7G4G vulnerabilities

Vulnerabilities for packages: ingress-nginx-controller...

GHSA-84XH-PWC6-7G4G vulnerabilities

Vulnerabilities for packages: ingress-nginx-controller-fips, ingress-nginx-controller...