github.com/0xJacky/Nginx-UI (Go) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Go package github.com/0xJacky/Nginx-UI, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (20)
CVE-2024-23827 — CVSS 9.8 (critical): Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary write into the system. The…
CVE-2026-42238 — CVSS 9.8 (critical): Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, nginx-ui exposes a backup restore endpoint (POST…
CVE-2026-33032 — CVSS 9.8 (critical): Nginx UI is a web user interface for the Nginx web server. In versions 2.3.5 and prior, the nginx-ui MCP (Model Context Protocol)…
CVE-2026-27944 — CVSS 9.8 (critical): Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.3, the /api/backup endpoint is accessible without…
CVE-2026-33026 — CVSS 9.1 (critical): Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui backup restore mechanism allows attackers…
CVE-2024-23828 — CVSS 8.8 (high): Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to an authenticated arbitrary command execution via CRLF…
CVE-2026-33030 — CVSS 8.8 (high): Nginx UI is a web user interface for the Nginx web server. In versions 2.3.3 and prior, Nginx-UI contains an Insecure Direct Object…
CVE-2026-44015 — CVSS 8.5 (high): Nginx UI is a web user interface for the Nginx web server. In 2.3.4 and earlier, an authenticated user can perform Server-Side Request…
CVE-2026-33031 — CVSS 8.1 (high): Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, a user who was disabled by an administrator can use…
CVE-2026-42221 — CVSS 8.1 (high): Nginx UI is a web user interface for the Nginx web server. From version 2.0.0 to before version 2.3.8, an unauthenticated network attacker…
CVE-2026-34403 — CVSS 8.1 (high): Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.5, all WebSocket endpoints in nginx-ui use a…
CVE-2026-42222 — CVSS 8.1 (high): Nginx UI is a web user interface for the Nginx web server. In version 2.3.5, an unauthenticated bootstrap takeover exists in nginx-ui…
CVE-2024-22197 — CVSS 7.7 (high): Nginx-ui is online statistics for Server Indicators Monitor CPU usage, memory usage, load average, and disk usage in real-time. The…
CVE-2026-33028 — CVSS 7.5 (high): Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui application is vulnerable to a Race…
CVE-2024-22198 — CVSS 7.1 (high): Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to arbitrary command execution by abusing the configuration…
CVE-2024-22196 — CVSS 7.0 (high): Nginx-UI is an online statistics for Server Indicators Monitor CPU usage, memory usage, load average, and disk usage in real-time…
CVE-2026-42220 — CVSS 6.5 (medium): Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, an authenticated user can call GET /api/settings and…
CVE-2026-42223 — CVSS 6.5 (medium): Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, the GetSettings API handler (api/settings/settings.go:24-…
CVE-2026-33027 — CVSS 6.5 (medium): Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui configuration improperly handles…
CVE-2026-33029 — CVSS 6.5 (medium): Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, an input validation vulnerability in the logrotate…