CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Description (NVD)
Nginx UI is a web user interface for the Nginx web server. In version 2.3.5, an unauthenticated bootstrap takeover exists in nginx-ui during the initial installation window exposed by POST /api/install. At time of publication no public patches are available.
Analysis (AI)
An unauthenticated bootstrap takeover in nginx-ui 2.3.5 allows remote attackers to hijack the initial installation process via crafted POST requests to the /api/install endpoint. An attacker who successfully exploits the installation window gains full administrative control over the nginx-ui instance before legitimate administrators complete setup. …
Remediation (AI)
Within 24 hours: Immediately isolate any nginx-ui 2.3.5 instances from network access or restrict the /api/install endpoint to trusted IP ranges only; audit deployment logs for suspicious POST requests to /api/install. Within 7 days: Complete the initial installation process on all active nginx-ui instances to close the installation window; evaluate an upgrade to nginx-ui 2.4.0 or later if available, or consider alternative web server UI solutions. …
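The log audit described above, as an added example (not code from nginx-ui or from this advisory). It assumes combined-format access logs written by a reverse proxy in front of nginx-ui; the trusted ranges, sample lines and function names are constructed for illustration.

```python
import ipaddress
import re

# Assumption: combined log format from a reverse proxy in front of nginx-ui.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Assumption: management ranges that are allowed to run the installer.
TRUSTED = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "127.0.0.0/8")]

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE = [
    '10.20.0.5 - - [01/Jan/2026:10:00:00 +0000] "GET /api/install HTTP/1.1" 200 45 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [01/Jan/2026:10:00:03 +0000] "POST /api/install HTTP/1.1" 200 31 "-" "curl/8.5.0"',
    '10.20.0.5 - - [01/Jan/2026:10:00:09 +0000] "POST /api/install HTTP/1.1" 403 52 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [01/Jan/2026:10:01:00 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

def install_requests(lines, trusted=TRUSTED):
    """Return every POST to /api/install, tagged by whether the source is trusted."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Compare the path only: drop any query string and trailing slash.
        if m["path"].split("?", 1)[0].rstrip("/") != "/api/install":
            continue
        try:
            src = ipaddress.ip_address(m["ip"])
            ok = any(src in net for net in trusted)
        except ValueError:
            ok = False  # unparsable source field: treat as untrusted
        hits.append({"ip": m["ip"], "time": m["ts"],
                     "status": int(m["status"]), "trusted": ok})
    return hits

def suspicious(hits):
    """Install calls that came from outside the trusted ranges."""
    return [h for h in hits if not h["trusted"]]

def claimed_by_untrusted(hits):
    """True if an untrusted source received a 2xx, i.e. setup may have been claimed."""
    return any(200 <= h["status"] < 300 for h in suspicious(hits))

if __name__ == "__main__":
    for h in suspicious(install_requests(SAMPLE)):
        print(f'{h["time"]}  {h["ip"]}  status={h["status"]}')
```

If the proxy rewrites the client address, match on the forwarded-for field instead of the first column.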
EUVD-2026-27137
GHSA-mxqh-q9h6-v8pq