Description
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui backup restore mechanism allows attackers to tamper with encrypted backup archives and inject malicious configuration during restoration. This issue has been patched in version 2.3.4.
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| 0xJacky | nginx-ui | affected |
|
No data.
No data.
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 Github GHSA |
GHSA-fhh2-gg7w-gwpq | nginx-ui Backup Restore Allows Tampering with Encrypted Backups |
References
History
Mon, 30 Mar 2026 19:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui backup restore mechanism allows attackers to tamper with encrypted backup archives and inject malicious configuration during restoration. This issue has been patched in version 2.3.4. | |
| Title | nginx-ui Backup Restore Allows Tampering with Encrypted Backups | |
| Weaknesses | CWE-312 CWE-347 CWE-354 |
|
| References |
| |
| Metrics |
cvssV4_0
|
Subscriptions
No data.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-03-30T19:26:27.695Z
Reserved: 2026-03-17T17:22:14.668Z
Link: CVE-2026-33026
Vulnrichment
No data.
NVD
No data.
Redhat
No data.
OpenCVE Enrichment
No data.