| CVE |
Severity |
CVSS |
Risk |
Published |
Description |
Impact |
| CVE-2026-44015 |
critical |
9.9 |
9.9 |
15d ago |
Nginx-UI has Server-Side Request Forgery (SSRF) via Cluster Proxy Middleware that Allows Access to Internal Services |
|
| CVE-2026-42221 |
critical |
9.8 |
9.8 |
23d ago |
Nginx-UI: Unauthenticated First-Run Installer Allows Remote Initial Admin Claim |
|
| CVE-2026-42220 |
medium |
6.5 |
6.5 |
23d ago |
Nginx-UI: Authenticated settings disclosure exposes node.secret and enables trusted-node authentication abuse, backup exfiltration, and restore-based nginx-ui state rollback |
|