The nginx-ui product has a vulnerability that allows Cross-Site WebSocket Hijacking due to an improperly configured WebSocket Upgrader.
Claims
The nginx-ui product has a vulnerability that allows Cross-Site WebSocket Hijacking due to an improperly configured WebSocket Upgrader.
Parent: Cybersecurity | Entity: nginx-ui | Impact: negative | Date: Apr 20, 2026 | Target: The security of the nginx-ui product
The nginx-ui product has a vulnerability that allows unauthorized API token usage even after an account is disabled.
Parent: Cybersecurity | Entity: nginx-ui | Impact: negative | Date: Apr 20, 2026 | Target: The security of the nginx-ui product
Source posts
EUVD-2026-23965
Score: 8.6/10 (CVSS v3.1)
Product: nginx-ui
Vendor: 0xJacky
Updated: 2026-04-20
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, a user who was disabled by an administrator can use previously issued API tokens for up to the token lifetime. In practice, disabling a compromised account does not actually ...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-23965
#cybersecurity #infosec #euvd #cve #vulnerability
1 boosts · 0 favs · 0 replies · Apr 20, 2026
EUVD-2026-23972
Score: 5.5/10 (CVSS v3.1)
Product: nginx-ui
Vendor: 0xJacky
Updated: 2026-04-20
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.5, all WebSocket endpoints in nginx-ui use a gorilla/websocket Upgrader with CheckOrigin unconditionally returning true, allowing Cross-Site WebSocket Hijacking (CSWSH). Combine...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-23972
#cybersecurity #infosec #euvd #cve #vulnerability
1 boosts · 0 favs · 0 replies · Apr 20, 2026