Skip to main content

Nginx Agent

3 CVEs product

Monthly

CVE-2026-60062 MEDIUM PATCH This Month

Path traversal in F5 NGINX Agent via the config_dirs directive enables a remotely authenticated low-privileged attacker to read and write files outside of the directories designated as secure in the agent's configuration. The config_dirs directive can be set directly in the NGINX Agent configuration or through NGINX Instance Manager, expanding the attack surface across both products. No public exploit code or active exploitation has been identified at time of analysis, and a vendor patch is available per F5 advisory K000161971.

Nginx Path Traversal Nginx Agent Nginx Instance Manager
NVD
CVSS 4.0
5.3
CVE-2024-7634 MEDIUM This Month

NGINX Agent's "config_dirs" restriction feature allows a highly privileged attacker to gain the ability to write/overwrite files outside of the designated secure directory. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Nginx Nginx Agent Nginx Instance Manager
NVD
CVSS 4.0
6.9
EPSS
0.5%
CVE-2023-1550 MEDIUM This Month

Insertion of Sensitive Information into log file vulnerability in NGINX Agent. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Nginx Nginx Agent Nginx Instance Manager
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVSS 5.3
MEDIUM PATCH This Month

Path traversal in F5 NGINX Agent via the config_dirs directive enables a remotely authenticated low-privileged attacker to read and write files outside of the directories designated as secure in the agent's configuration. The config_dirs directive can be set directly in the NGINX Agent configuration or through NGINX Instance Manager, expanding the attack surface across both products. No public exploit code or active exploitation has been identified at time of analysis, and a vendor patch is available per F5 advisory K000161971.

Nginx Path Traversal Nginx Agent +1
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

NGINX Agent's "config_dirs" restriction feature allows a highly privileged attacker to gain the ability to write/overwrite files outside of the designated secure directory. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Nginx Nginx Agent +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Insertion of Sensitive Information into log file vulnerability in NGINX Agent. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Nginx Nginx Agent +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy