CVE-2026-33027 in 0xJacky nginx-uiinfo

Zusammenfassung (Englisch)

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui configuration improperly handles URL-encoded traversal sequences. When specially crafted paths are supplied, the backend resolves them to the base Nginx configuration directory and executes the operation on the base directory (/etc/nginx). In particular, this allows an authenticated user to remove the entire /etc/nginx directory, resulting in a partial Denial of Service. This issue has been patched in version 2.3.4.

Zuständig

GitHub_M

Reservieren

17.03.2026

Veröffentlichung

30.03.2026

Einträge

VulDB provides additional information and datapoints for this CVE:

ID	Schwachstelle	CWE	Aus	Mas	CVE
354236	0xJacky nginx-ui Directory Traversal	22	Nicht definiert	Offizieller Fix	CVE-2026-33027

Beschreibung

CPE

CWE

CVSS

Exploits

History

Diff

Verknüpfen

Threat Intelligence

API JSON

API XML

API CSV

◂ ZurückÜbersichtWeiter ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!