CVE-2026-42238 - Unauthenticated Remote Code Execution via Backup Restore in nginx-ui
CVE ID :CVE-2026-42238 Published : May 4, 2026, 9:16 p.m. | 54 minutes ago Description :Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, nginx-ui exposes a backup restore endpoint (POST /api/restore) that is completely unauthenticated during the first 10 minut
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] L1 SOC Analyst for ~2 years - Should I still get the Security + Certification?
- [CYBER] Someone Built an Open-Source 'Theoretical Mythos' to Reverse-Engineer Anthropic's Most Dangerous AI
- [CYBER] Podman rootless containers and the Copy Fail exploit
- [CYBER] Weaver E-cology critical bug exploited in attacks since March
- [CYBER] CVE-2026-7776 - Boundary Workers Vulnerable to Denial of Service During TLS Handshake
- [CYBER] MOVEit automation flaws could enable full system compromise