23 matches found
CVE-2024-49368
CVE-2024-49368 affects Nginx UI prior to version 2.0.0-beta.36. The issue arises when configuring logrotate: unverified input is passed to exec.Command, allowing arbitrary command execution. The fixed version is 2.0.0-beta.36. This is documented across multiple sources (Red Hat, NVD, CVE lists, a...
CVE-2026-27944
CVE-2026-27944 affects Nginx UI prior to 2.3.3, where the /api/backup endpoint is accessible without authentication. The response header X-Backup-Security leaks the AES decryption key/IV, enabling an unauthenticated attacker to download a full system backup (including credentials, tokens, SSL key...
CVE-2024-22198
CVE-2024-22198 affects Nginx-UI, a web interface for Nginx config management. The issue allows authenticated remote code execution by abusing configuration settings; the Home > Preference exposes sensitive settings (Run Mode, Jwt Secret, Node Secret, Terminal Start Command) and can be modified...
CVE-2024-49367
CVE-2024-49367 affects Nginx UI prior to version 2.0.0-beta.36. The issue is a controllable log path that, when combined with directory traversal at the /api/configs endpoint, allows reading directories and file contents on the server. A fixed version is 2.0.0-beta.36. Connected sources confirm t...
CVE-2024-22197
Nginx-UI is affected by an authenticated RCE/privilege escalation/Info Disclosure issue in which the API accepts test_config_cmd, reload_cmd, and restart_cmd changes, enabling command execution via CRLF. Affected product: Nginx-UI (web interface for Nginx configurations). Root cause: incomplete i...
CVE-2026-33032
CVE-2026-33032 affects nginx-ui prior to 2.3.4. The MCP integration exposes two HTTP endpoints: /mcp (protected by AuthRequired) and /mcp_message (no authentication). The default IPWhiteList is empty, which the middleware treats as “allow all,” enabling unauthenticated MCP tool invocations (e.g.,...
CVE-2024-22196
CVE-2024-22196 affects nginx-ui (Go) where OrderAndPaginate uses user-controlled query parameters (order and sort_by via DefaultQuery) to build SQL order clauses, enabling SQL injection via crafted requests. Multiple connected sources confirm the vulnerability is exploitable through the GET /api/...
CVE-2024-23828
Summary: CVE-2024-23828 affects Nginx-UI, a web interface for Nginx configuration. An authenticated attacker can achieve arbitrary command execution by abusing CRLF in configuration fields (test_config_cmd or start_cmd), due to an incomplete fix for CVE-2024-22197/22198. The issue is capped at hi...
CVE-2024-23827
Summary of CVE-2024-23827 (Nginx-UI) Nginx-UI (github.com/0xJacky/Nginx-UI) exposes an Import Certificate feature via the API endpoint /api/cert which allows writing uploaded certificate data and keys to arbitrary filesystem paths. The write logic accepts path fields (ssl_certificate_path, ssl_ce...
CVE-2026-42238
Nginx UI (nginx-ui) prior to version 2.3.8 exposes an unauthenticated backup restore endpoint (POST /api/restore) during the first 10 minutes after startup. An unauthenticated remote attacker can upload a crafted backup archive that overwrites app.ini and the SQLite database, allowing injection o...
CVE-2024-49366
Nginx UI (versions up to 2.0.0-beta.35) is affected by a directory-traversal vulnerability where the UI reads a value from a JSON field without verification, enabling payloads like ../../ to write arbitrary files on the server and potentially cause permission loss. A fix is available: upgrade to ...
CVE-2026-42221
Summary: CVE-2026-42221 affects nginx-ui versions 2.0.0 through 2.3.7, where an unauthenticated attacker can claim the initial administrator account during first-run via the public /api/install endpoint. The installation flow and public keys are not authenticated, allowing an attacker to set admi...
CVE-2026-42223
Nginx UI (nginx-ui) before version 2.3.8 exposes sensitive settings through the GetSettings API. The handler serializes all settings structs to JSON and returns them to authenticated users, while the protected:"true" tag is only enforced on writes, not reads. This leaks 40+ protected fields, incl...
CVE-2026-33031
The CVE concerns Nginx UI prior to version 2.3.4 . A user disabled by an administrator can continue using previously issued API tokens for up to the token lifetime, allowing continued access to reading/modifying protected resources after disable. Tokens can create new accounts, so the disabled us...
CVE-2026-34403
CVE-2026-34403 : Nginx-UI before 2.3.5 suffers Cross‑Site WebSocket Hijacking (CSWSH) due to an unsafe WebSocket upgrader that unconditionally sets CheckOrigin to true across all endpoints, enabling authenticated WebSocket connections from attacker‑controlled pages. Token authentication is stored...
CVE-2026-33028
CVE-2026-33028 affects Nginx UI, prior to version 2.3.4. The issue is a race condition caused by a lack of synchronization (mutex) and non-atomic writes to the primary configuration file (app.ini), leading to persistent DoS and a non-deterministic path for potential RCE via configuration cross-co...
CVE-2026-33030
CVE-2026-33030 affects nginx-ui up to version 2.3.3. An Insecure Direct Object Reference (IDOR) vulnerability allows any authenticated user to access, modify, or delete resources owned by other users due to lack of user ownership checks in the base model and endpoints. Some sources (GHSA/OSV) add...
CVE-2026-42222
CVE-2026-42222 (nginx-ui 2.3.5) describes an unauthenticated bootstrap takeover during the initial installation window exposed by POST /api/install. The issue allows a remote attacker to submit attacker-chosen bootstrap data and gain full unauthenticated administrative control on a fresh, uniniti...
CVE-2026-42220
Nginx UI (nginx-ui) prior to version 2.3.8 exposes a vulnerability where an authenticated user can call GET /api/settings to retrieve sensitive values, including node.secret. The node.secret is accepted by AuthRequired() via the X-Node-Secret header (or node_secret query parameter), allowing the ...
CVE-2026-33029
CVE-2026-33029 affects Nginx UI (web UI for Nginx). An input validation flaw in the logrotate configuration allows an authenticated user to submit a negative integer for the rotation interval, causing the backend to enter an infinite loop or invalid state and rendering the UI unresponsive (DoS). ...
CVE-2026-44015
CVE-2026-44015 describes SSRF in Nginx UI prior to 2.3.5 where an authenticated user can create a cluster node with an internal URL and trigger the Proxy middleware to forward requests using the X-Node-ID header, bypassing network segmentation and reaching localhost/internal services (including c...
CVE-2026-33027
Nginx UI (the web UI for Nginx) prior to version 2.3.4 is affected by improper handling of URL-encoded traversal sequences. When crafted paths are provided, the backend resolves them to the base Nginx configuration directory and can operate on the base directory (/etc/nginx). An authenticated use...
CVE-2026-33026
The connected advisory GHSA-FHH2-GG7W-GWPQ describes a vulnerability in nginx-ui (application version v2.3.3 ) where the backup/restore mechanism is vulnerable to tampering. The backup format encrypts files and stores hashes encrypted with the same key given to the client, creating a circular tru...