CVE-2026-33026: nginx ui vulnerability

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui backup restore mechanism allows attackers to tamper with encrypted backup archives and inject malicious configuration during restoration. This issue has been pat...
CVE-2026-33026CVSS 9.4Web

CVE-2026-33026: nginx ui vulnerability

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui backup restore mechanism allows attackers to tamper with encrypted backup archives and inject malicious configuration during restoration. This issue has been pat...

CVSS
9.4 CRITICAL
EPSS
24.66%
Known exploited
not in KEV
Product
nginx ui

What is known

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui backup restore mechanism allows attackers to tamper with encrypted backup archives and inject malicious configuration during restoration. This issue has been patched in version 2.3.4.

Sources