Zero Day MonitorZDM

← Back to list

8.8

CVE-2026-33030

go · github.com/0xjacky/nginx-ui

Nginx UI: Unencrypted Storage of DNS API Tokens and ACME Private Keys

Description

A vulnerability was found in 0xJacky Nginx-UI and classified as problematic. Affected is an unknown function of the component Private Key Handler. Executing a manipulation can lead to unprotected storage of credentials. This vulnerability is tracked as CVE-2026-33030. The attack is restricted to local execution.

Affected Products

Vendor	Product	Versions
go	github.com/0xjacky/nginx-ui	go/github.com/0xJacky/nginx-ui: <= 1.99

References

https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-5hf2-vhj6-gj9m(x_refsource_CONFIRM)

Related News (1 articles)

Tier C

VulDB6h ago

CVE-2026-33030 | 0xJacky Nginx-UI Private Key credentials storage

→ No new info (linked only)

CVSS 3.18.8 HIGH

VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited❌ No

CWECWE-78, CWE-639

PublishedMar 30, 2026

Last enriched6h agov2

Tags

GHSA-5hf2-vhj6-gj9mgoCVE-2026-33030

Trending Score27

Source articles1

Independent1

Info Completeness8/14

Missing: epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-33032EXP

Nginx UI: Unauthenticated MCP Endpoint Allows Remote Nginx Takeover

MEDIUMCVE-2026-33027EXP

Nginx UI: Improper Path Validation Allows Recursive Deletion of the Nginx Configuration Directory

HIGHCVE-2026-33028EXP

Nginx UI: Race Condition Leads to Persistent Data Corruption and Service Collapse

CRITICALCVE-2026-34041EXP

act: Unrestricted set-env and add-path command processing enables environment injection

MEDIUMCVE-2026-33029

Nginx UI: DoS via Negative Integer Input in Logrotate Interval

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Mar 30, 2026

Discovered by ZDM

Mar 30, 2026

Updated: description, severity, tags

Mar 30, 2026

Version History

v2

Last enriched 6h ago

v2Tier C6h ago

Updated description with new details about the vulnerability and changed severity to MEDIUM.

descriptionseveritytags

via VulDB

v18h ago

Initial creation