Package impact
GO / github.com/0xJacky/Nginx-UI
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-34403 | high | — | 8.0 | 1mo ago | Nginx-UI: Cross-Site WebSocket Hijacking (CSWSH) via missing origin validation on all WebSocket endpoints | |||
| CVE-2026-42220 | medium | 6.5 | 6.5 | 1mo ago | Nginx-UI: Authenticated settings disclosure exposes node.secret and enables trusted-node authentication abuse, backup exfiltration, and restore-based nginx-ui state rollback |