CVSS 8.1 · HIGH

CVE-2026-42222

Nginx UI is a web user interface for the Nginx web server. In version 2.3.5, an unauthenticated bootstrap takeover exists in nginx-ui during the initial installation window exposed by POST /api/install. At time of publication no public patches are available.

Analysis

Nginx UI version 2.3.5 is vulnerable to an unauthenticated bootstrap takeover during its initial installation phase. An attacker can hijack the setup process via the installation API if the interface is exposed to the public internet before configuration is complete.

Severity

Score: 8.1 (HIGH)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AV: NETWORK
AC: HIGH
PR: NONE
UI: NONE
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH
Weakness type (CWE): CWE-284, CWE-306

EPSS

Exploitation probability (next 30 days): 0.0004 (0.0%)
Percentile: 12.4%
EPSS: 2026-05-06

Affects

nginxui:nginx_ui

Published: 4/5/2026, 21:16:32
Last modified: 6/5/2026, 17:47:59

References
