EUVD-2026-27133
GHSA-7jrr-xw9c-mj39
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionNVD
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, an authenticated user can call GET /api/settings and retrieve sensitive configuration values, including node.secret. The same node.secret is accepted by AuthRequired() through the X-Node-Secret header (or node_secret query parameter), causing the request to be treated as authenticated via the trusted-node path and associated with the init user. This issue has been patched in version 2.3.8.
AnalysisAI
nginx-ui prior to version 2.3.8 exposes sensitive configuration values including node.secret via an authenticated GET /api/settings endpoint, allowing an authenticated user to retrieve the shared authentication secret and subsequently impersonate the init administrative user by sending requests with the stolen node.secret via the X-Node-Secret header or node_secret query parameter. This enables privilege escalation and full administrative access to the Nginx configuration interface without additional authentication.
Sign in for full analysis, threat intelligence, and remediation guidance.
More from same product – last 7 days
Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers
Pre-NVD disclosure via oss-security: oss-security mailing list - 2026/05/22. ty (Colm O hEigeartaigh <coheigea@...che.or
Arbitrary file write in the compliance-trestle Python library (versions 4.0.0-4.0.2 and any release below 3.12.2) lets a
Share
External POC / Exploit Code
Leaving vuln.today