CRITICAL🇵🇱 Wersja polska

CVE-2026-27944

CVSS 9.8v3.1pub. 2026-03-05upd. 2026-03-10

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.3, the /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to download a full system backup containing sensitive data (user credentials, session tokens, SSL private keys, Nginx configurations) and decrypt it immediately. This issue has been patched in version 2.3.3.

🤖 AI Analysis
How it works

The vulnerability results from the lack of authentication mechanism (CWE-306) on the /api/backup endpoint and unsecured transmission of sensitive data (CWE-311). An attacker sends an HTTP request to /api/backup without any credentials and downloads the backup archive. The server simultaneously returns encryption keys in the X-Backup-Security header, allowing immediate decryption of the downloaded archive without additional steps.

Impact

An attacker gains access to a complete system backup containing user credentials, session tokens, private SSL keys, and Nginx configurations, which in practice means complete takeover of the system.

Mitigation & patch

Update Nginx UI to version 2.3.3 or newer, where the vulnerability has been removed. Until the update is applied, it is recommended to restrict network access to the Nginx UI administrative interface using firewall or network-level access control mechanisms.

Who is affected

Nginx UI versions before 2.3.3

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Nginxui nginx Ui

    APP
    Nginxui
    < 2.3.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2026-42238CRITICAL9.0PL ✓ten sam produkt

Nginx UI: nieuwierzytelnione RCE przez endpoint przywracania kopii zapasowej

CVE-2026-33032CRITICAL9.8PL ✓ten sam produkt

Nginx UI: nieuwierzytelniony dostęp do endpointu MCP umożliwia przejęcie serwera

CVE-2026-33026CRITICAL9.4PL ✓ten sam produkt

Nginx UI: manipulacja zaszyfrowanymi kopiami zapasowymi i wstrzyknięcie konfiguracji

CVE-2024-23827CRITICAL9.8PL ✓ten sam produkt

Nginx-UI: path traversal w imporcie certyfikatów umożliwia RCE

CVE-2026-44015HIGH8.5ten sam produkt

Nginx UI is a web user interface for the Nginx web server. In 2.3.4 and earlier, an authenticated user can per...