CVE-2026-28755 affecting package nginx for versions less than 1.22.1-16
CVE-2026-28755 affecting package nginx for versions less than 1.22.1-16. A patched version of the package is available...
CVE-2026-27784 affecting package nginx for versions less than 1.22.1-16
CVE-2026-27784 affecting package nginx for versions less than 1.22.1-16. A patched version of the package is available...
CVE-2026-27654 affecting package nginx for versions less than 1.22.1-16
CVE-2026-27654 affecting package nginx for versions less than 1.22.1-16. A patched version of the package is available...
CVE-2026-27651 affecting package nginx for versions less than 1.22.1-16
CVE-2026-27651 affecting package nginx for versions less than 1.22.1-16. A patched version of the package is available...
CVE-2026-32647 affecting package nginx for versions less than 1.22.1-16
CVE-2026-32647 affecting package nginx for versions less than 1.22.1-16. A patched version of the package is available...
Moderate: Red Hat Security Advisory: nginx security update
An update for nginx is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for ea...
nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections
A flaw was found in NGINX. When NGINX is configured to proxy to upstream Transport Layer Security (TLS) servers, an attacker with a man-in-the-middle (MITM) position on the upstream server side, along with conditions beyond the attacker's control, may be able to inject plain text data into the response...
Nginx UI Security Vulnerability
Nginx UI is a web interface for Nginx developed by Jacky. Versions of Nginx UI prior to 2.3.4 contained security vulnerabilities. These vulnerabilities stemmed from improper handling of URL-encoded traversal sequences, which could allow authenticated users to delete the entire /etc/nginx director...
Nginx UI Race Condition Vulnerability
Nginx UI is a web interface for Nginx developed by Jacky. Versions of Nginx UI prior to 2.3.4 contained a race condition vulnerability. This vulnerability arises due to race conditions; the lack of synchronization mechanisms and non-atomic file writes can lead to corrupted main configuration file...
Nginx UI Input Validation Error Vulnerability
Nginx UI is a web interface for Nginx developed by Jacky. Versions of Nginx UI prior to 2.3.4 contained a vulnerability related to input validation. This vulnerability stemmed from issues with input validation in the logrotate configuration. It allowed authenticated users to cause the web interfa...
Nginx UI Security Vulnerability
Nginx UI is a web interface for Nginx developed by Jacky. Versions of Nginx UI 2.3.3 and earlier have security vulnerabilities. These vulnerabilities stem from insecure direct object references, allowing any authenticated user to access, modify, and delete resources of other users...
Nginx UI Security Vulnerability
Nginx UI is a web interface for Nginx developed by Jacky. Versions of Nginx UI 2.3.5 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the MCP integration, where the /mcpmessage endpoint only applied an IP whitelist, and the default whitelist was empty. This...
Nginx UI Security Vulnerability
Nginx UI is a web interface for Nginx developed by Jacky. Versions of Nginx UI prior to 2.3.4 contained security vulnerabilities. These vulnerabilities stemmed from the backup and restoration mechanism, which allowed attackers to tamper with encrypted backup archives and inject malicious...
nginx-ui Backup Restore Allows Tampering with Encrypted Backups
The nginx-ui backup restore mechanism allows attackers to tamper with encrypted backup archives and inject malicious configuration during restoration...
Nginx Configuration Directory Vulnerable to Recursive Deletion via Improper Path Validation
The nginx-ui configuration improperly handles URL-encoded traversal sequences. When specially crafted paths are supplied, the backend resolves them to the base Nginx configuration directory and executes the operation on the base directory /etc/nginx. In particular, this allows an authenticated us...
nginx-ui Vulnerable to DoS via Negative Integer Input in Logrotate Interval
An input validation vulnerability in the logrotate configuration allows an authenticated user to cause a complete Denial of Service (DoS). By submitting a negative integer for the rotation interval, the backend enters an infinite loop or an invalid state, rendering the web interface unresponsive...
nginx-UI has Unencrypted Storage of DNS API Tokens and ACME Private Keys
Nginx-UI contains an Insecure Direct Object Reference (IDOR) vulnerability that allows any authenticated user to access, modify, and delete resources belonging to other users. The application's base Model struct lacks a userid field, and all resource endpoints perform queries by ID without verifyin...
nginx-ui's Unauthenticated MCP Endpoint Allows Remote Nginx Takeover
The nginx-ui MCP (Model Context Protocol) integration exposes two HTTP endpoints: /mcp and /mcpmessage. While /mcp requires both IP whitelisting and authentication (AuthRequired middleware), the /mcpmessage endpoint only applies IP whitelisting, and the default IP whitelist is empty, which the...
RHEL 9 : nginx (RHSA-2026:6182)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:6182 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security...
PT-2026-29103
Name of the Vulnerable Software and Affected Versions: Nginx UI versions prior to 2.3.4. Description: Nginx UI, a web user interface for the Nginx web server, contains a flaw in its backup restore mechanism. Prior to version 2.3.4, attackers can manipulate encrypted backup archives and inject...