Zero Day Monitor (ZDM)
9.8 · CVE-2026-27944 · KEV · EXPLOITED · PATCHED
nginxui · nginx_ui

Description

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.3, the /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to download a full system backup containing sensitive data (user credentials, session tokens, SSL private keys, Nginx configurations) and decrypt it immediately. This issue has been patched in version 2.3.3.

Affected Products

Vendor    Product    Versions
nginxui   nginx_ui   < 2.3.3, < 2.3.4

References

  • https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-g9w5-qffc-6762 (Exploit, Vendor Advisory)

Related News (1 article)

Tier D · SecurityWeek · 5h ago
Exploited Vulnerability Exposes Nginx Servers to Hacking
→ No new info (linked only)
CVSS 3.1: 9.8 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA KEV: ✅ Yes
Actively exploited: ✅ Yes
Patch available: 2.3.3
CWE: CWE-306, CWE-311
Published: Mar 5, 2026
Last enriched: 5h ago (v2)
Trending Score: 97
Source articles: 1
Independent: 1
Info Completeness: 10/14
Missing: epss, exploit, iocs, mitre_attack

Related CVEs (5)

CRITICAL · CVE-2026-33032 · EXP · KEV
Nginx UI is a web user interface for the Nginx web server. In versions 2.3.5 and prior, the nginx-ui MCP (Model Context Protocol) integration exposes two HTTP endpoints: /mcp and /mcp_message. While /
Trending: 116
HIGH · CVE-2026-33030
Nginx UI is a web user interface for the Nginx web server. In versions 2.3.3 and prior, Nginx-UI contains an Insecure Direct Object Reference (IDOR) vulnerability that allows any authenticated user to
Trending: 38
CRITICAL · CVE-2026-33026
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui backup restore mechanism allows attackers to tamper with encrypted backup archives and inject malicious
Trending: 5
HIGH · CVE-2026-33028
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui application is vulnerable to a Race Condition. Due to the complete absence of synchronization mechanisms
Trending: 4
MEDIUM · CVE-2026-33027
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui configuration improperly handles URL-encoded traversal sequences. When specially crafted paths are suppl
Trending: 3

Verification

State: verified
Confidence: 100%

Vulnerability Timeline

CVE Published: Mar 5, 2026
Added to CISA KEV: Mar 5, 2026
Actively Exploited: Mar 10, 2026
Patch Available: Mar 10, 2026
Discovered by ZDM: Apr 1, 2026
Updated: affectedVersions: Apr 15, 2026

Version History

v2 (last enriched 5h ago)
v2 · Tier D · 5h ago

Updated description with new technical details, changed affected versions to < 2.3.4, and updated patch version to 2.3.4.

affectedVersions · via SecurityWeek

v1 · 14d ago

Initial creation