VIR Vulnerability Intelligence Relay

Package impact

golang Go / github.com/0xJacky/Nginx-UI

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-44015 critical 9.9 9.9 15d ago Nginx-UI has Server-Side Request Forgery (SSRF) via Cluster Proxy Middleware that Allows Access to Internal Services golang
CVE-2026-42221 critical 9.8 9.8 23d ago Nginx-UI: Unauthenticated First-Run Installer Allows Remote Initial Admin Claim golang
CVE-2026-34403 high 8.0 1mo ago Nginx-UI: Cross-Site WebSocket Hijacking (CSWSH) via missing origin validation on all WebSocket endpoints golang
CVE-2026-42220 medium 6.5 6.5 23d ago Nginx-UI: Authenticated settings disclosure exposes node.secret and enables trusted-node authentication abuse, backup exfiltration, and restore-based nginx-ui state rollback golang
CVE-2026-33031 unknown 1mo ago Nginx-UI: Disabled users retain full API access through previously issued bearer tokens golang
CVE-2026-33032 unknown 2mo ago nginx-ui's Unauthenticated MCP Endpoint Allows Remote Nginx Takeover in github.com/0xJacky/Nginx-UI golang
CVE-2026-33029 unknown 2mo ago nginx-ui Vulnerable to DoS via Negative Integer Input in Logrotate Interval in github.com/0xJacky/Nginx-UI golang
CVE-2026-33028 unknown 2mo ago nginx-ui has Race Condition that Leads to Persistent Data Corruption and Service Collapse in github.com/0xJacky/Nginx-UI golang
CVE-2026-33027 unknown 2mo ago Nginx Configuration Directory Vulnerable to Recursive Deletion via Improper Path Validation in github.com/0xJacky/Nginx-UI golang
CVE-2026-33026 unknown 2mo ago nginx-ui Backup Restore Allows Tampering with Encrypted Backups in github.com/0xJacky/Nginx-UI golang
CVE-2026-27944 unknown 3mo ago Nginx-UI Vulnerable to Unauthenticated Backup Download with Encryption Key Disclosure in github.com/0xJacky/Nginx-UI golang
CVE-2024-23828 unknown 2y ago Nginx-UI vulnerable to authenticated RCE through injecting into the application config via CRLF in github.com/0xJacky/Nginx-UI golang
CVE-2024-23827 unknown 2y ago Nginx-UI vulnerable to arbitrary file write through the Import Certificate feature in github.com/0xJacky/Nginx-UI golang
CVE-2024-22198 unknown 2y ago Arbitrary command execution in github.com/0xJacky/Nginx-UI golang
CVE-2024-22197 unknown 2y ago Remote command execution in github.com/0xJacky/Nginx-UI golang
CVE-2024-22196 unknown 2y ago SQL injection in github.com/0xJacky/Nginx-UI golang