CVE-2026-42222

Summary

Nginx UI is a web user interface for the Nginx web server. In version 2.3.5, an unauthenticated bootstrap takeover exists in nginx-ui during the initial installation window exposed by POST /api/install. At time of publication no public patches are available.

Affected Software

VendorProductVersion RangeStatus
0xJackynginx-ui= 2.3.5affected

Weaknesses

  • CWE-306: CWE-306: Missing Authentication for Critical Function
  • CWE-284: CWE-284: Improper Access Control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

Additional References

References