32 Total advisories
32 Vulnerabilities
0 Malware
Vulnerabilities
HIGH 8.5
CVE-2026-44015
Nginx-UI has Server-Side Request Forgery (SSRF) via Cluster Proxy Middleware that Allows Access to Internal Services
HIGH 8.1
CVE-2026-42221
Nginx-UI: Unauthenticated First-Run Installer Allows Remote Initial Admin Claim
MEDIUM 6.5
CVE-2026-42223
Nginx-UI Settings API Exposes Protected Secrets
HIGH 8.1
CVE-2026-42222
Nginx-UI: Unauthenticated first-boot instance claim via POST /api/install allows remote bootstrap takeover
CRITICAL 9.8
CVE-2026-42238
Nginx-UI is Vulnerable to Unauthenticated Remote Code Execution via Backup Restore
MEDIUM 6.5
CVE-2026-42220
Nginx-UI: Authenticated settings disclosure exposes node.secret and enables trusted-node authentication abuse, backup exfiltration, and restore-based nginx-ui state rollback
HIGH 8.1
CVE-2026-33031
Nginx-UI: Disabled users retain full API access through previously issued bearer tokens
HIGH 8.1
CVE-2026-34403
Nginx-UI: Cross-Site WebSocket Hijacking (CSWSH) via missing origin validation on all WebSocket endpoints
CRITICAL 9.8
CVE-2026-33032
nginx-ui's Unauthenticated MCP Endpoint Allows Remote Nginx Takeover
UNKNOWN
CVE-2026-33029
nginx-ui Vulnerable to DoS via Negative Integer Input in Logrotate Interval
HIGH 8.8
CVE-2026-33030
nginx-UI has Unencrypted Storage of DNS API Tokens and ACME Private Keys
UNKNOWN
CVE-2026-33027
Nginx Configuration Directory Vulnerable to Recursive Deletion via Improper Path Validation
UNKNOWN
CVE-2026-33026
nginx-ui Backup Restore Allows Tampering with Encrypted Backups
UNKNOWN
CVE-2026-33028
nginx-ui has Race Condition that Leads to Persistent Data Corruption and Service Collapse
UNKNOWN
CVE-2026-33030
nginx-UI has Unencrypted Storage of DNS API Tokens and ACME Private Keys in github.com/0xJacky/nginx-ui
UNKNOWN
CVE-2026-33028
nginx-ui has Race Condition that Leads to Persistent Data Corruption and Service Collapse in github.com/0xJacky/Nginx-UI
UNKNOWN
CVE-2026-33032
nginx-ui's Unauthenticated MCP Endpoint Allows Remote Nginx Takeover in github.com/0xJacky/Nginx-UI
UNKNOWN
CVE-2026-33027
Nginx Configuration Directory Vulnerable to Recursive Deletion via Improper Path Validation in github.com/0xJacky/Nginx-UI
UNKNOWN
CVE-2026-33026
nginx-ui Backup Restore Allows Tampering with Encrypted Backups in github.com/0xJacky/Nginx-UI
UNKNOWN
CVE-2026-33029
nginx-ui Vulnerable to DoS via Negative Integer Input in Logrotate Interval in github.com/0xJacky/Nginx-UI
CRITICAL 9.8
CVE-2026-27944
Nginx-UI Vulnerable to Unauthenticated Backup Download with Encryption Key Disclosure
UNKNOWN
CVE-2026-27944
Nginx-UI Vulnerable to Unauthenticated Backup Download with Encryption Key Disclosure in github.com/0xJacky/Nginx-UI
HIGH 7.7
CVE-2024-22197
Authenticated (user role) remote command execution by modifying `nginx` settings (GHSL-2023-269)
HIGH 7.0
CVE-2024-22196
Authenticated (user role) SQL injection in `OrderAndPaginate` (GHSL-2023-270)
HIGH 7.1
CVE-2024-22198
Authenticated (user role) arbitrary command execution by modifying `start_cmd` setting (GHSL-2023-268)
CRITICAL 9.8
CVE-2024-23827
Nginx-UI vulnerable to arbitrary file write through the Import Certificate feature
UNKNOWN
CVE-2024-23827
Nginx-UI vulnerable to arbitrary file write through the Import Certificate feature in github.com/0xJacky/Nginx-UI
UNKNOWN
CVE-2024-23828
Nginx-UI vulnerable to authenticated RCE through injecting into the application config via CRLF in github.com/0xJacky/Nginx-UI
HIGH 8.8
CVE-2024-23828
Nginx-UI vulnerable to authenticated RCE through injecting into the application config via CRLF
UNKNOWN
CVE-2024-22197
Remote command execution in github.com/0xJacky/Nginx-UI
UNKNOWN
CVE-2024-22196
SQL injection in github.com/0xJacky/Nginx-UI
UNKNOWN
CVE-2024-22198
Arbitrary command execution in github.com/0xJacky/Nginx-UI
Ready to move
Start Securing
Free, no credit card | First findings in minutes