nginx-ui Multiple Vulnerabilities CVSS 9.6 Critical
Summary
CERT-Bund published security advisory WID-SEC-2026-1276 identifying critical vulnerabilities in open-source nginx-ui (web interface for Nginx server management) affecting versions prior to 2.3.8. The CVSS Base Score is 9.6 (Critical) and the CVSS Temporal Score is 8.6 (High), with remote attack confirmed. Attackers can exploit these vulnerabilities to execute arbitrary code with root privileges, obtain administrator access, gain full system control, or disclose confidential information.
“Ein Angreifer kann mehrere Schwachstellen in nginx-ui ausnutzen, um beliebigen Code mit Root-Rechten auszuführen, sich Administratorrechte zu verschaffen und die vollständige Kontrolle über das System zu erlangen oder vertrauliche Informationen offenzulegen.”
Organisations running nginx-ui web interfaces should verify their current version and upgrade to 2.3.8 or later immediately. Given the confirmed remote attack vector and root-privilege execution capability, affected deployments should treat this as a critical patching priority regardless of network segmentation controls.
About this source
CERT-Bund is the German federal cybersecurity agency's incident response team, run by the BSI. Their advisory feed publishes vulnerability disclosures and active exploitation warnings for software in widespread enterprise use: VPN appliances, email servers, file transfer products, ERP systems, browsers, hypervisors. Around 280 advisories a month, each with a CVSS score, affected versions, and remediation guidance. The advisories are written in German but cover the same vulnerabilities that show up in CISA, NCSC-UK, and JPCERT bulletins, often hours earlier. Watch this if you patch enterprise software, run a SOC, or write detection rules. GovPing publishes each advisory with the affected vendor, CVSS score, and original CERT-Bund link.
What changed
CERT-Bund issued a critical security advisory for Open Source nginx-ui, identifying multiple vulnerabilities in versions prior to 2.3.8. The vulnerabilities carry a CVSS Base Score of 9.6 (Critical) and a Temporal Score of 8.6 (High). Remote exploitation is confirmed.
Organisations running nginx-ui should update to version 2.3.8 or later as a mitigation measure. The vulnerabilities allow attackers to achieve remote code execution with root privileges, administrator access, complete system compromise, and disclosure of sensitive information.
Archived snapshot
Apr 27, 2026GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.
[WID-SEC-2026-1276] nginx-ui: Mehrere Schwachstellen CVSS Base Score 9.6 (kritisch) CVSS Temporal Score 8.6 (hoch) Remoteangriff ja Datum 26.04.2026 Stand 27.04.2026 Mitigation ja
Betroffene Systeme
Betriebssystem
- Sonstiges
- UNIX
Produktbeschreibung
nginx-ui ist eine Open-Source-Weboberfläche zur Verwaltung und Konfiguration von Nginx-Webservern.
Produkte
26.04.2026
- Open Source nginx-ui <2.3.8
Angriff
Angriff
Ein Angreifer kann mehrere Schwachstellen in nginx-ui ausnutzen, um beliebigen Code mit Root-Rechten auszuführen, sich Administratorrechte zu verschaffen und die vollständige Kontrolle über das System zu erlangen oder vertrauliche Informationen offenzulegen. CVE Informationen Versionshistorie Feedback zum Advisory geben
Related changes
Get daily alerts for CERT-Bund Security Advisories
Daily digest delivered to your inbox.
Free. Unsubscribe anytime.
Source
About this page
Every important government, regulator, and court update from around the world. One place. Real-time. Free. Our mission
Source document text, dates, docket IDs, and authority are extracted directly from CERT-Bund.
The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.
Classification
Who this affects
Taxonomy
Browse Categories
Get alerts for this source
We'll email you when CERT-Bund Security Advisories publishes new changes.
Subscribed!
Optional. Filters your digest to exactly the updates that matter to you.