CVEFinder.io

CVE-2026-33026

⛔ critical
🔍 Scan for this CVE
Summary

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui backup restore mechanism allows attackers to tamper with encrypted backup archives and inject malicious configuration during restoration. This issue has been patched in version 2.3.4.

CVSS Score
9.1
Critical
EPSS Score
0.0
Exploit Probability
Published Date
2026-03-30
First Seen: 2026-03-31
📊 Relative Risk Intelligence

This CVE is High Risk - more severe than 87.7% of all 326,604 vulnerabilities in our database.

#40,129
Top 25% most severe
Severity Percentile
🎯 CISA SSVC Assessment Updated: Mar 31, 2026
🔍 Exploitation Status
Poc
Proof-of-concept available
⚙️ Automatable
YES
Can be exploited automatically
💥 Technical Impact
Total
Complete system compromise possible
SSVC data provided by CISA
Last Modified 2026-04-01
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVSS Vector 4.0 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE IDs (Weakness Types)
CWE-312 CWE-347 CWE-354

📦 Affected Products 1

Vendor Product Status Affected Versions
nginxui nginx_ui Affected
< 2.3.4

🔗 References 2

https://github.com/0xJacky/nginx-ui/releases/tag/v2.3.4
Product Release Notes
https://github.com/0xJacky/nginx-ui/security/advisor...
Exploit Mitigation Vendor Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-44015 ⚠️ high 8.5 0.0 Nginx UI is a web user interface for the Nginx web server. In 2.3.4 and earlier, an authenticated user can perform Serve... 2026-05-12
CVE-2026-33027 🔶 medium 6.5 0.1 Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui configuration improperly... 2026-03-30
CVE-2026-33028 ⚠️ high 7.5 0.1 Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui application is vulnerabl... 2026-03-30
CVE-2026-33029 🔶 medium 6.5 0.1 Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, an input validation vulnerability in ... 2026-03-30
CVE-2026-33030 ⚠️ high 8.8 0.0 Nginx UI is a web user interface for the Nginx web server. In versions 2.3.3 and prior, Nginx-UI contains an Insecure Di... 2026-03-30
CVE-2026-27944 ⛔ critical 9.8 1.0 Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.3, the /api/backup endpoint is accessibl... 2026-03-05
These CVEs affect the same products