14 matches found
CVE-2026-27944
CVE-2026-27944 affects Nginx UI prior to 2.3.3, where the /api/backup endpoint is accessible without authentication. The response header X-Backup-Security leaks the AES decryption key/IV, enabling an unauthenticated attacker to download a full system backup (including credentials, tokens, SSL key...
CVE-2024-22198
CVE-2024-22198 affects Nginx-UI, a web interface for Nginx config management. The issue allows authenticated remote code execution by abusing configuration settings; the Home > Preference exposes sensitive settings (Run Mode, Jwt Secret, Node Secret, Terminal Start Command) and can be modified...
CVE-2024-22197
Nginx-UI is affected by an authenticated RCE/privilege escalation/Info Disclosure issue in which the API accepts test_config_cmd, reload_cmd, and restart_cmd changes, enabling command execution via CRLF. Affected product: Nginx-UI (web interface for Nginx configurations). Root cause: incomplete i...
CVE-2024-22196
CVE-2024-22196 affects nginx-ui (Go) where OrderAndPaginate uses user-controlled query parameters (order and sort_by via DefaultQuery) to build SQL order clauses, enabling SQL injection via crafted requests. Multiple connected sources confirm the vulnerability is exploitable through the GET /api/...
CVE-2024-23828
Summary: CVE-2024-23828 affects Nginx-UI, a web interface for Nginx configuration. An authenticated attacker can achieve arbitrary command execution by abusing CRLF in configuration fields (test_config_cmd or start_cmd), due to an incomplete fix for CVE-2024-22197/22198. The issue is capped at hi...
CVE-2026-42238
Nginx UI (nginx-ui) prior to version 2.3.8 exposes an unauthenticated backup restore endpoint (POST /api/restore) during the first 10 minutes after startup. An unauthenticated remote attacker can upload a crafted backup archive that overwrites app.ini and the SQLite database, allowing injection o...
CVE-2026-34403
CVE-2026-34403 : Nginx-UI before 2.3.5 suffers Cross‑Site WebSocket Hijacking (CSWSH) due to an unsafe WebSocket upgrader that unconditionally sets CheckOrigin to true across all endpoints, enabling authenticated WebSocket connections from attacker‑controlled pages. Token authentication is stored...
CVE-2026-33031
The CVE concerns Nginx UI prior to version 2.3.4 . A user disabled by an administrator can continue using previously issued API tokens for up to the token lifetime, allowing continued access to reading/modifying protected resources after disable. Tokens can create new accounts, so the disabled us...
CVE-2026-42223
Nginx UI (nginx-ui) before version 2.3.8 exposes sensitive settings through the GetSettings API. The handler serializes all settings structs to JSON and returns them to authenticated users, while the protected:"true" tag is only enforced on writes, not reads. This leaks 40+ protected fields, incl...
CVE-2026-33028
CVE-2026-33028 affects Nginx UI, prior to version 2.3.4. The issue is a race condition caused by a lack of synchronization (mutex) and non-atomic writes to the primary configuration file (app.ini), leading to persistent DoS and a non-deterministic path for potential RCE via configuration cross-co...
CVE-2026-33027
Nginx UI (the web UI for Nginx) prior to version 2.3.4 is affected by improper handling of URL-encoded traversal sequences. When crafted paths are provided, the backend resolves them to the base Nginx configuration directory and can operate on the base directory (/etc/nginx). An authenticated use...
CVE-2026-42220
Nginx UI (nginx-ui) prior to version 2.3.8 exposes a vulnerability where an authenticated user can call GET /api/settings to retrieve sensitive values, including node.secret. The node.secret is accepted by AuthRequired() via the X-Node-Secret header (or node_secret query parameter), allowing the ...
CVE-2026-33029
CVE-2026-33029 affects Nginx UI (web UI for Nginx). An input validation flaw in the logrotate configuration allows an authenticated user to submit a negative integer for the rotation interval, causing the backend to enter an infinite loop or invalid state and rendering the UI unresponsive (DoS). ...
CVE-2026-33026
The connected advisory GHSA-FHH2-GG7W-GWPQ describes a vulnerability in nginx-ui (application version v2.3.3 ) where the backup/restore mechanism is vulnerable to tampering. The backup format encrypts files and stores hashes encrypted with the same key given to the client, creating a circular tru...