Package impact
Go / github.com/0xJacky/Nginx-UI
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-44015 | critical | 9.9 | 9.9 | 23d ago | Nginx-UI has Server-Side Request Forgery (SSRF) via Cluster Proxy Middleware that Allows Access to Internal Services | |||
| CVE-2026-42221 | critical | 9.8 | 9.8 | 1mo ago | Nginx-UI: Unauthenticated First-Run Installer Allows Remote Initial Admin Claim | |||
| CVE-2026-34403 | high | — | 8.0 | 1mo ago | Nginx-UI: Cross-Site WebSocket Hijacking (CSWSH) via missing origin validation on all WebSocket endpoints | |||
| CVE-2026-42220 | medium | 6.5 | 6.5 | 1mo ago | Nginx-UI: Authenticated settings disclosure exposes node.secret and enables trusted-node authentication abuse, backup exfiltration, and restore-based nginx-ui state rollback |