Approved changes feed: RSS · Atom
cpe:2.3:a:0xjacky:nginx-ui:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | 0Xjacky (c4e0923b-58f1-5687-a9d1-387c996ca5d1) |
|---|---|
| Product | Nginx Ui (8ba8cd69-4894-54e7-876c-1d24c242050c) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-44015 |
vulnerable | 2026-06-08 08:03:18.065574 |
Nginx UI: Server-Side Request Forgery (SSRF) via Cluster Proxy Middleware Allows Access to Internal Services
HIGH (8.5)
Nginx UI is a web user interface for the Nginx web server. In 2.3.4 and earlier, an authenticated user can perform Server-Side Request Forgery (SSRF) by creating a cluster node pointing to an arbitrary internal URL and then sending API requests with the X-Node-ID header. The Proxy middleware forwards these requests to the attacker-specified internal address, bypassing network segmentation and enabling access to services bound to localhost or internal networks.
Published: 2026-05-12T20:49:16.240Z
Updated: 2026-05-14T21:32:37.840Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-42238 |
vulnerable | 2026-06-08 08:03:16.064223 |
Unauthenticated Remote Code Execution via Backup Restore in nginx-ui
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, nginx-ui exposes a backup restore endpoint (POST /api/restore) that is completely unauthenticated during the first 10 minutes after process startup on any fresh installation. An unauthenticated remote attacker can upload a crafted backup archive that overwrites the application's configuration file (app.ini) and SQLite database. Because the attacker controls the restored app.ini, they can inject an arbitrary OS command into the TestConfigCmd setting. After the application automatically restarts to apply the restored config, a single follow-up request triggers that command as the user running nginx-ui — typically root in Docker deployments. This issue has been patched in version 2.3.8.
Published: 2026-05-04T20:13:22.196Z
Updated: 2026-05-05T15:50:36.447Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-42223 |
vulnerable | 2026-06-08 08:03:16.051053 |
nginx-ui: Settings API Exposes Protected Secrets
MEDIUM (6.5)
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, the GetSettings API handler (api/settings/settings.go:24-65) serializes all settings structs to JSON and returns them to authenticated users. Many sensitive fields are tagged with protected:"true" - however, this tag is only enforced during writes (via ProtectedFill in SaveSettings) and is completely ignored during reads. This exposes 40+ protected fields including JwtSecret (enabling auth token forgery), NodeSecret (enabling cluster node impersonation), OIDC ClientSecret (enabling OAuth account takeover), and the IP whitelist configuration. This issue has been patched in version 2.3.8.
Published: 2026-05-04T20:12:00.546Z
Updated: 2026-05-05T14:08:40.851Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-42222 |
vulnerable | 2026-06-08 08:03:16.048024 |
nginx-ui: Unauthenticated first-boot instance claim via POST /api/install allows remote bootstrap takeover
HIGH (8.1)
Nginx UI is a web user interface for the Nginx web server. In version 2.3.5, an unauthenticated bootstrap takeover exists in nginx-ui during the initial installation window exposed by POST /api/install. At time of publication no public patches are available.
Published: 2026-05-04T20:11:11.049Z
Updated: 2026-05-06T13:58:55.214Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-42221 |
vulnerable | 2026-06-08 08:03:16.047396 |
nginx-ui: Unauthenticated First-Run Installer Allows Remote Initial Admin Claim
HIGH (8.1)
Nginx UI is a web user interface for the Nginx web server. From version 2.0.0 to before version 2.3.8, an unauthenticated network attacker can claim the initial administrator account on a fresh nginx-ui instance during the first-run setup window. The public /api/install endpoint is reachable without authentication, and the request-encryption flow only protects payload confidentiality in transit; it does not authenticate who is allowed to perform installation. A remote attacker who reaches the service before the legitimate operator can set the admin email, username, and password, causing permanent initial-instance takeover. This issue has been patched in version 2.3.8.
Published: 2026-05-04T20:09:37.308Z
Updated: 2026-05-05T14:14:11.906Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-42220 |
vulnerable | 2026-06-08 08:03:16.045624 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-34403 |
vulnerable | 2026-06-08 07:59:12.478466 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-33032 |
vulnerable | 2026-06-08 07:57:18.488014 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-33031 |
vulnerable | 2026-06-08 07:57:18.487724 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-33030 |
vulnerable | 2026-06-08 07:57:18.487399 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-33029 |
vulnerable | 2026-06-08 07:57:18.487078 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-33028 |
vulnerable | 2026-06-08 07:57:18.484828 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-33027 |
vulnerable | 2026-06-08 07:57:18.484367 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-33026 |
vulnerable | 2026-06-08 07:57:18.482828 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-27944 |
vulnerable | 2026-06-08 07:55:14.691928 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-49368 |
vulnerable | 2026-06-08 06:50:13.698446 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-49367 |
vulnerable | 2026-06-08 06:50:13.683738 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-49366 |
vulnerable | 2026-06-08 06:50:13.641898 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-23828 |
vulnerable | 2026-06-08 06:29:40.725595 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-23827 |
vulnerable | 2026-06-08 06:29:40.672342 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-22198 |
vulnerable | 2026-06-08 06:29:34.103112 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-22197 |
vulnerable | 2026-06-08 06:29:34.098196 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-22196 |
vulnerable | 2026-06-08 06:29:34.086119 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.