CVE-2026-33027
Nginx UI: Improper Path Validation Allows Recursive Deletion of the Nginx Configuration Directory
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui configuration improperly handles URL-encoded traversal sequences. When specially crafted paths are supplied, the backend resolves them to the base Nginx configuration directory and executes the operation on the base directory (/etc/nginx). In particular, this allows an authenticated user to remove the entire /etc/nginx directory, resulting in a partial Denial of Service. This issue has been patched in version 2.3.4.
| CWE | CWE-22 CWE-73 |
| Vendor | 0xjacky |
| Product | nginx-ui |
| Published | Mar 30, 2026 |
| Last Updated | Mar 30, 2026 |
Stay Ahead of the Next One
Get instant alerts for 0xjacky nginx-ui
Be the first to know when new unknown vulnerabilities affecting 0xjacky nginx-ui are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
0xJacky / nginx-ui
< 2.3.4