nginxui nginx ui

23 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-44015
<= 2.3.4
Nginx UI is a web user interface for the Nginx web server. In 2.3.4 and earlier, an authenticated user can perform Server-Side Req
8.5 HIGH
CVE-2026-42238
< 2.3.8
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, nginx-ui exposes a backup restore endpoint (POS
9.8 CRITICAL
CVE-2026-42223
< 2.3.8
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, the GetSettings API handler (api/settings/setti
6.5 MEDIUM
CVE-2026-42222
all versions
Nginx UI is a web user interface for the Nginx web server. In version 2.3.5, an unauthenticated bootstrap takeover exists in nginx
8.1 HIGH
CVE-2026-42221
>= 2.0.0 and < 2.3.8
Nginx UI is a web user interface for the Nginx web server. From version 2.0.0 to before version 2.3.8, an unauthenticated network
8.1 HIGH
CVE-2026-42220
< 2.3.8
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, an authenticated user can call GET /api/setting
6.5 MEDIUM
CVE-2026-34403
< 2.3.5
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.5, all WebSocket endpoints in nginx-ui use a goril
8.1 HIGH
CVE-2026-33031
< 2.3.4
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, a user who was disabled by an administrator can
8.1 HIGH
CVE-2026-33026
< 2.3.4
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui backup restore mechanism allows at
9.1 CRITICAL
CVE-2026-33032
<= 2.3.5
Nginx UI is a web user interface for the Nginx web server. In versions 2.3.5 and prior, the nginx-ui MCP (Model Context Protocol)
9.8 CRITICAL
CVE-2026-33030
<= 2.3.3
Nginx UI is a web user interface for the Nginx web server. In versions 2.3.3 and prior, Nginx-UI contains an Insecure Direct Objec
8.8 HIGH
CVE-2026-33029
< 2.3.4
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, an input validation vulnerability in the logrot
6.5 MEDIUM
CVE-2026-33028
< 2.3.4
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui application is vulnerable to a Rac
7.5 HIGH
CVE-2026-33027
< 2.3.4
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui configuration improperly handles U
6.5 MEDIUM
CVE-2026-27944
< 2.3.3
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.3, the /api/backup endpoint is accessible without
9.8 CRITICAL
CVE-2024-49368
<= 1.9.9-4
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.0.0-beta.36, when Nginx UI configures logrotate, it
9.8 CRITICAL
CVE-2024-49367
<= 1.9.9-4
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.0.0-beta.36, the log path of nginxui is controllable
7.5 HIGH
CVE-2024-49366
<= 1.9.9-4
Nginx UI is a web user interface for the Nginx web server. Nginx UI v2.0.0-beta.35 and earlier gets the value from the json field
7.5 HIGH
CVE-2024-23828
< 2.0.0
Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to an authenticated arbitrary command execution via C
8.8 HIGH
CVE-2024-23827
all versions
Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary write into the system.
9.8 CRITICAL
CVE-2024-22198
< 2.0.0
Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to arbitrary command execution by abusing the configu
7.1 HIGH
CVE-2024-22196
< 2.0.0
Nginx-UI is an online statistics for Server Indicators Monitor CPU usage, memory usage, load average, and disk usage in real
7.0 HIGH
CVE-2024-22197
< 2.0.0
Nginx-ui is online statistics for Server Indicators Monitor CPU usage, memory usage, load average, and disk usage in real-ti
7.7 HIGH
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin