CVE-2026-33026

Critical CVSS: 9.4

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui backup restore mechanism allows attackers to tamper with encrypted backup archives and inject malicious configuration during restoration. This issue has been patched in version 2.3.4.

Vendor

Nginxui

Product

Nginx Ui

CWE

CWE-312

Yayın Tarihi

2026-03-30 20:16:22

Güncelleme

2026-04-01 18:16:43

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-312 Nginx Ui CRITICAL Nginxui 2026

Referanslar

https://github.com/0xJacky/nginx-ui/releases/tag/v2.3.4 https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-fhh2-gg7w-gwpq https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-fhh2-gg7w-gwpq

Benzer Kayıtlar

Medium

CVE-2026-33029

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, an input validation vulnerability in…

High

CVE-2026-33030

Nginx UI is a web user interface for the Nginx web server. In versions 2.3.3 and prior, Nginx-UI contains an Insecure Di…

Critical

CVE-2026-33032

Nginx UI is a web user interface for the Nginx web server. In versions 2.3.5 and prior, the nginx-ui MCP (Model Context…

Medium

CVE-2026-33027

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui configuration improperly…

High

CVE-2026-33028

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui application is vulnerabl…

Critical

CVE-2026-27944

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.3, the /api/backup endpoint is accessibl…