github.com/0xJacky/Nginx-UI
Go · 12 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/0xJacky/Nginx-UI
- CVE-2024-22196 · HIGH · CVSS 7.0 · EG 7.0 · ✓ Fixed in 1.9.10-0.20231219195202-ec93ab05a3ec · 2024-01-11
Nginx-UI is an online statistics for Server Indicators Monitor CPU usage, memory usage, load average, and disk usage in real-time. This issue may lead to information disclosure. By using `DefaultQuery`, the `"desc"` and `"id"` values…
- CVE-2024-22197 · HIGH · CVSS 7.7 · EG 7.7 · ✓ Fixed in 1.9.10-0.20231219184941-827e76c46e63 · 2024-01-11
Nginx-ui is online statistics for Server Indicators Monitor CPU usage, memory usage, load average, and disk usage in real-time. The `Home > Preference` page exposes a small list of nginx settings such as `Nginx Access Log Path` and `…
- CVE-2024-22198 · HIGH · CVSS 7.1 · EG 7.1 · ✓ Fixed in 1.9.10-0.20231219184941-827e76c46e63 · 2024-01-11
Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to arbitrary command execution by abusing the configuration settings. The `Home > Preference` page exposes a list of system settings such as `Run Mode`, `Jwt Secr…
- CVE-2024-23827 · CRITICAL · CVSS 9.8 · EG 9.8 · 2024-01-29
Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitr…
- CVE-2024-23828 · HIGH · CVSS 8.8 · EG 8.8 · 2024-01-29
Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to an authenticated arbitrary command execution via CRLF attack when changing the value of test_config_cmd or start_cmd. This vulnerability exists due to an incom…
- CVE-2026-33029 · MEDIUM · CVSS 6.5 · EG 6.5 · 2026-03-30
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, an input validation vulnerability in the logrotate configuration allows an authenticated user to cause a complete Denial of Service (DoS). By submitting a n…
- CVE-2026-33031 · HIGH · CVSS 8.1 · EG 8.1 · ✓ Fixed in 1.9.10-0.20260314152518-7b66578adb47 · 2026-04-20
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, a user who was disabled by an administrator can use previously issued API tokens for up to the token lifetime. In practice, disabling a compromised account …
- CVE-2026-33032 · CRITICAL · CVSS 9.8 · EG 9.8 · 2026-03-30
Nginx UI is a web user interface for the Nginx web server. In versions 2.3.5 and prior, the nginx-ui MCP (Model Context Protocol) integration exposes two HTTP endpoints: /mcp and /mcp_message. While /mcp requires both IP whitelisting and a…
- CVE-2026-34403 · HIGH · CVSS 8.1 · EG 8.1 · ✓ Fixed in 1.9.10-0.20260316053337-1a9cd29a3082 · 2026-04-20
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.5, all WebSocket endpoints in nginx-ui use a gorilla/websocket Upgrader with CheckOrigin unconditionally returning true, allowing Cross-Site WebSocket Hijackin…
- CVE-2026-42220 · MEDIUM · CVSS 6.5 · EG 6.5 · 2026-05-04
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, an authenticated user can call GET /api/settings and retrieve sensitive configuration values, including node.secret. The same node.secret is accepted by Aut…
- CVE-2026-42221 · HIGH · CVSS 8.1 · EG 8.1 · ✓ Fixed in 2.3.8 · 2026-05-04
Nginx UI is a web user interface for the Nginx web server. From version 2.0.0 to before version 2.3.8, an unauthenticated network attacker can claim the initial administrator account on a fresh nginx-ui instance during the first-run setup …
- CVE-2026-44015 · HIGH · CVSS 8.5 · EG 8.5 · 2026-05-12
Nginx UI is a web user interface for the Nginx web server. In 2.3.4 and earlier, an authenticated user can perform Server-Side Request Forgery (SSRF) by creating a cluster node pointing to an arbitrary internal URL and then sending API req…