0xjacky Nginx-ui
23 CVEs affecting 0xjacky Nginx-ui. Latest disclosed: 2026-05-12. Critical: 4, High: 8.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-42238 | Critical | 9.8 | 2026-05-04 | Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, nginx-ui exposes a backup restore endpoint (POST /api/restore) that is compl… |
| CVE-2026-33032 | Critical | 9.8 | 2026-03-30 | Nginx UI is a web user interface for the Nginx web server. In versions 2.3.5 and prior, the nginx-ui MCP (Model Context Protocol) integration exposes two HTTP… |
| CVE-2026-27944 | Critical | 9.8 | 2026-03-05 | Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.3, the /api/backup endpoint is accessible without authentication and discloses… |
| CVE-2024-23827 | Critical | 9.8 | 2024-01-29 | Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary write into the system. The feature does not check i… |
| CVE-2026-33030 | High | 8.8 | 2026-03-30 | Nginx UI is a web user interface for the Nginx web server. In versions 2.3.3 and prior, Nginx-UI contains an Insecure Direct Object Reference (IDOR) vulnerabil… |
| CVE-2024-23828 | High | 8.8 | 2024-01-29 | Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to an authenticated arbitrary command execution via CRLF attack when changing the… |
| CVE-2026-44015 | High | 8.5 | 2026-05-12 | Nginx UI is a web user interface for the Nginx web server. In 2.3.4 and earlier, an authenticated user can perform Server-Side Request Forgery (SSRF) by creati… |
| CVE-2026-42222 | High | 8.1 | 2026-05-04 | Nginx UI is a web user interface for the Nginx web server. In version 2.3.5, an unauthenticated bootstrap takeover exists in nginx-ui during the initial instal… |
| CVE-2026-42221 | High | 8.1 | 2026-05-04 | Nginx UI is a web user interface for the Nginx web server. From version 2.0.0 to before version 2.3.8, an unauthenticated network attacker can claim the initia… |
| CVE-2024-22197 | High | 7.7 | 2024-01-11 | Nginx-ui is online statistics for Server Indicators Monitor CPU usage, memory usage, load average, and disk usage in real-time. The `Home > Preference` page… |
| CVE-2024-22198 | High | 7.1 | 2024-01-11 | Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to arbitrary command execution by abusing the configuration settings. The `Home >… |
| CVE-2024-22196 | High | 7.0 | 2024-01-11 | Nginx-UI is an online statistics for Server Indicators Monitor CPU usage, memory usage, load average, and disk usage in real-time. This issue may lead to inf… |
| CVE-2026-42223 | Medium | 6.5 | 2026-05-04 | Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, the GetSettings API handler (api/settings/settings.go:24-65) serializes all… |
| CVE-2026-42220 | Medium | 6.5 | 2026-05-04 | Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, an authenticated user can call GET /api/settings and retrieve sensitive conf… |
| CVE-2026-34403 | | | 2026-04-20 | Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.5, all WebSocket endpoints in nginx-ui use a gorilla/websocket Upgrader with Ch… |
| CVE-2026-33031 | | | 2026-04-20 | Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, a user who was disabled by an administrator can use previously issued API to… |
| CVE-2026-33026 | | | 2026-03-30 | Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui backup restore mechanism allows attackers to tamper with encryp… |
| CVE-2026-33027 | | | 2026-03-30 | Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui configuration improperly handles URL-encoded traversal sequence… |
| CVE-2026-33028 | | | 2026-03-30 | Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui application is vulnerable to a Race Condition. Due to the compl… |
| CVE-2026-33029 | | | 2026-03-30 | Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, an input validation vulnerability in the logrotate configuration allows an a… |