Package impact
Go / github.com/0xJacky/Nginx-UI
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-44015 | critical | 9.9 | 9.9 | 22d ago | Nginx-UI has Server-Side Request Forgery (SSRF) via Cluster Proxy Middleware that Allows Access to Internal Services | |||
| CVE-2026-42221 | critical | 9.8 | 9.8 | 1mo ago | Nginx-UI: Unauthenticated First-Run Installer Allows Remote Initial Admin Claim | |||
| CVE-2026-34403 | high | — | 8.0 | 1mo ago | Nginx-UI: Cross-Site WebSocket Hijacking (CSWSH) via missing origin validation on all WebSocket endpoints |