| CVE |
Severity |
CVSS |
Risk |
Published |
Description |
Impact |
| CVE-2026-42238 |
critical |
9.8 |
9.8 |
23d ago |
Nginx-UI is Vulnerable to Unauthenticated Remote Code Execution via Backup Restore |
|
| CVE-2026-42222 |
critical |
9.8 |
9.8 |
23d ago |
Nginx-UI: Unauthenticated first-boot instance claim via POST /api/install allows remote bootstrap takeover |
|
| CVE-2026-42223 |
medium |
6.5 |
6.5 |
23d ago |
Nginx-UI Settings API Exposes Protected Secrets |
|
| CVE-2026-33030 |
unknown |
— |
— |
2mo ago |
nginx-UI has Unencrypted Storage of DNS API Tokens and ACME Private Keys in github.com/0xJacky/nginx-ui |
|