Nginxui Nginx_ui

6 CVEs affecting Nginxui Nginx_ui. Latest disclosed: 2026-05-12. Critical: 1, High: 3.

Top CVEs affecting Nginxui Nginx_ui
CVE	Severity	Score	Published	Summary
`CVE-2026-42238`	Critical	`9.8`	2026-05-04	Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, nginx-ui exposes a backup restore endpoint (POST /api/restore) that is compl…
`CVE-2026-44015`	High	`8.5`	2026-05-12	Nginx UI is a web user interface for the Nginx web server. In 2.3.4 and earlier, an authenticated user can perform Server-Side Request Forgery (SSRF) by creati…
`CVE-2026-42222`	High	`8.1`	2026-05-04	Nginx UI is a web user interface for the Nginx web server. In version 2.3.5, an unauthenticated bootstrap takeover exists in nginx-ui during the initial instal…
`CVE-2026-42221`	High	`8.1`	2026-05-04	Nginx UI is a web user interface for the Nginx web server. From version 2.0.0 to before version 2.3.8, an unauthenticated network attacker can claim the initia…
`CVE-2026-42223`	Medium	`6.5`	2026-05-04	Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, the GetSettings API handler (api/settings/settings.go:24-65) serializes all…
`CVE-2026-42220`	Medium	`6.5`	2026-05-04	Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, an authenticated user can call GET /api/settings and retrieve sensitive conf…