What is CVE-2026-55477?

CVE-2026-55477 is a high-severity vulnerability in Mhsanaei 3x-ui, classified under External Control of File Name or Path. CVSS score: 7.2/10. Published 2026-06-25.

How severe is CVE-2026-55477?

High severity. CVSS v3 base score is 7.2 out of 10.

Vulnerability in Mhsanaei 3x-ui

CVE-2026-55477

3X-UI is a web control panel for managing Xray-core servers. Prior to 3.3.1, an authenticated administrator can abuse the database import functionality to achieve arbitrary file write on the host by modifying Xray configuration values stor…

CVSS v3 metric

CVSS v3 base score 7.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

Affected products

Mhsanaei 3x-ui — versions < 3.3.1

Weakness classification (CWE)

CWE-73 — External Control of File Name or Path

References

security-advisories@github.com (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2026-55477?: CVE-2026-55477 is a high-severity vulnerability in Mhsanaei 3x-ui, classified under External Control of File Name or Path. CVSS score: 7.2/10. Published 2026-06-25.
How severe is CVE-2026-55477?: High severity. CVSS v3 base score is 7.2 out of 10.