nginx-ui — Vulnerabilities & Security Advisories (17)

All 17 CVE vulnerabilities found in nginx-ui, with AI-generated Chinese analysis, references, and POCs.

Vendor: 0xJacky

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-34403 | Nginx-UI vulnerable to Cross-Site WebSocket Hijacking (CSWSH) via missing origin validation on all WebSocket endpoints | CWE-1385 | 8.8 (AI) | High (AI) | 2026-04-20 |
| CVE-2026-33031 | Nginx-UI: Disabled users retain full API access through previously issued bearer tokens | CWE-284 | 8.8 (AI) | High (AI) | 2026-04-20 |
| CVE-2026-33026 | nginx-ui Backup Restore Allows Tampering with Encrypted Backups | CWE-312 | 8.8 | - | 2026-03-30 |
| CVE-2026-33027 | Nginx UI: Improper Path Validation Allows Recursive Deletion of the Nginx Configuration Directory | CWE-22 | 7.1 | - | 2026-03-30 |
| CVE-2026-33028 | Nginx UI: Race Condition Leads to Persistent Data Corruption and Service Collapse | CWE-362 | 8.1 | - | 2026-03-30 |
| CVE-2026-33029 | Nginx UI: DoS via Negative Integer Input in Logrotate Interval | CWE-20 | 6.5 | - | 2026-03-30 |
| CVE-2026-33030 | Nginx UI: Unencrypted Storage of DNS API Tokens and ACME Private Keys | CWE-78 | 8.8 | High | 2026-03-30 |
| CVE-2026-33032 | Nginx UI: Unauthenticated MCP Endpoint Allows Remote Nginx Takeover | CWE-306 | 9.8 | Critical | 2026-03-30 |
| CVE-2026-27944 | Nginx UI: Unauthenticated Backup Download with Encryption Key Disclosure | CWE-311 | 9.8 | Critical | 2026-03-05 |
| CVE-2024-49368 | Unchecked logrotate settings lead to arbitrary command execution | CWE-20 | 8.8 (AI) | High (AI) | 2024-10-21 |
| CVE-2024-49367 | Nginx UI's log path can be controlled | CWE-862 | 7.5 (AI) | High (AI) | 2024-10-21 |
| CVE-2024-49366 | Nginx UI's json field can construct a directory traversal payload, causing arbitrary files to be written | CWE-22 | 9.8 (AI) | Critical (AI) | 2024-10-21 |
| CVE-2024-23828 | Nginx-UI authenticated RCE through injecting into the application config via CRLF | CWE-74 | 8.8 | High | 2024-01-29 |
| CVE-2024-23827 | Nginx-UI arbitrary file write through the Import Certificate feature | CWE-22 | 9.8 | Critical | 2024-01-29 |
| CVE-2024-22198 | Authenticated (user role) arbitrary command execution by modifying `start_cmd` setting (GHSL-2023-268) | CWE-77 | 7.1 | High | 2024-01-11 |
| CVE-2024-22196 | Authenticated (user role) SQL injection in `OrderAndPaginate` (GHSL-2023-270) | CWE-89 | 7.0 | High | 2024-01-11 |
| CVE-2024-22197 | Authenticated (user role) remote command execution by modifying `nginx` settings (GHSL-2023-269) | CWE-77 | 7.7 | High | 2024-01-11 |