top of page
perceptive_background_267k.jpg

Nginx UI is a web user interface for the Nginx web server. In versions 2.3.3 and prior, Nginx-UI contains an Insecure Direct Object Reference (IDOR) vulnerabili…

Published:

29 maart 2026 om 22:00:00

Alert date:

30 maart 2026 om 19:01:30

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies, Identity & Access

Nginx UI versions 2.3.3 and prior contain an Insecure Direct Object Reference (IDOR) vulnerability that allows authenticated users to access, modify, and delete resources belonging to other users. The vulnerability stems from the application's base Model struct lacking a user_id field, with all resource endpoints performing queries by ID without verifying user ownership. This enables complete authorization bypass in multi-user environments. No publicly available patches exist at the time of publication.

Technical details

Mitigation steps:

Affected products:

Nginx UI

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-33030
https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-5hf2-vhj6-gj9m

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page