


Perceptive Security
SOC/SIEM Consultancy

Nginx UI is a web user interface for the Nginx web server. In version 2.3.5, an unauthenticated bootstrap takeover exists in nginx-ui during the initial install…
Published:
3 May 2026 at 22:00:00
Alert date:
4 May 2026 at 22:01:23
Source:
nvd.nist.gov
Web Technologies
Nginx UI version 2.3.5 contains an unauthenticated bootstrap takeover vulnerability during initial installation. The vulnerability is exposed through the POST /api/install endpoint during the installation window. Attackers can exploit this flaw without authentication to take over the bootstrap process. No public patches are currently available for this vulnerability. The issue affects the web user interface for the Nginx web server.
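A detection sketch for the exposure described above, added here as an example; it is not code from Nginx UI or from the advisory. It assumes nginx-ui sits behind a reverse proxy that writes combined-format access logs, and that administrators install from a known network; the log lines, addresses and the admin network are constructed.

```python
import ipaddress
import re

# Combined log format from a reverse proxy in front of nginx-ui (assumed).
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines; client addresses are private/documentation ranges.
SAMPLE_LOG = """\
10.0.5.12 - - [04/May/2026:09:14:02 +0000] "GET /api/install HTTP/1.1" 200 31 "-" "Mozilla/5.0"
10.0.5.12 - - [04/May/2026:09:14:40 +0000] "POST /api/install HTTP/1.1" 200 18 "-" "Mozilla/5.0"
203.0.113.77 - - [04/May/2026:09:15:03 +0000] "POST /api/install?x=1 HTTP/1.1" 200 18 "-" "curl/8.5.0"
198.51.100.9 - - [04/May/2026:11:02:51 +0000] "POST /api/install/ HTTP/1.1" 403 27 "-" "python-requests/2.31"
203.0.113.77 - - [04/May/2026:11:03:10 +0000] "POST /api/login HTTP/1.1" 200 412 "-" "curl/8.5.0"
"""

def install_posts(log_text, admin_nets):
    """Return one finding per POST to /api/install, marking unexpected sources."""
    nets = [ipaddress.ip_network(n) for n in admin_nets]
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Match loosely: ignore the query string and a trailing slash.
        path = m["target"].split("?", 1)[0].rstrip("/")
        if path != "/api/install":
            continue
        try:
            expected = any(ipaddress.ip_address(m["src"]) in n for n in nets)
        except ValueError:
            expected = False  # client field is not an IP address
        findings.append({"src": m["src"], "ts": m["ts"],
                         "status": int(m["status"]), "expected": expected})
    return findings

def to_escalate(findings):
    """Unexpected sources whose request got a 2xx (assumed to mean it was processed)."""
    return [f for f in findings if not f["expected"] and 200 <= f["status"] < 300]

if __name__ == "__main__":
    for f in to_escalate(install_posts(SAMPLE_LOG, ["10.0.5.0/24"])):
        print(f"ESCALATE {f['ts']} {f['src']} -> POST /api/install ({f['status']})")
```

Any hit outside the install window, or from outside the admin network during it, is worth reviewing alongside the instance's current administrator accounts.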
Technical details
Affected products:
Nginx UI
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-42222
https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-mxqh-q9h6-v8pq
This article was created with the assistance of AI technology by Perceptive.
