Product

Nginx-UI

3 briefs RSS

medium advisory

nginx-ui Information Disclosure Vulnerability

2 rules 1 TTP

A remote, authenticated attacker can exploit a vulnerability in nginx-ui to disclose sensitive information.

nginx-ui information-disclosure web-application

2r 1t May 13, 2026

critical advisory

Nginx-UI Unauthenticated Remote Code Execution via Backup Restore

2 rules 2 TTPs

Nginx-UI is vulnerable to unauthenticated remote code execution (RCE) via the `POST /api/restore` endpoint, allowing attackers to inject arbitrary commands into the configuration.

nginx-ui rce authentication bypass command injection devops

2r 2t May 7, 2026

high advisory

Nginx-UI SSRF Vulnerability via Cluster Node Proxy

2 rules 1 TTP

Nginx-UI version 2.3.4 and earlier is vulnerable to Server-Side Request Forgery (SSRF) allowing authenticated users to access internal services by manipulating cluster node configurations.

Nginx-UI ssrf web-application

2r 1t Jan 3, 2024