AI description
CVE-2026-27944 is an authentication bypass and information disclosure vulnerability affecting Nginx UI, a web user interface for the Nginx web server, in versions prior to 2.3.3. The vulnerability stems from the `/api/backup` endpoint being accessible without requiring any authentication. Compounding this issue, the encryption keys necessary to decrypt the downloaded backup are disclosed within the `X-Backup-Security` response header. This allows an unauthenticated attacker to download a complete system backup, which can contain sensitive data such as user credentials, session tokens, SSL private keys, and Nginx configurations, and then immediately decrypt it.
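The advisory's two facts a defender can act on are the endpoint path (`/api/backup`) and the fixed version (2.3.3, matching the CPE `versionEndExcluding` below). The following Python is an added example, not code from the Nginx UI project or from the advisory source: it parses nginx access logs in the standard "combined" format, flags every successful request to the backup endpoint (any method, query string ignored), and checks a version string against 2.3.3. The log lines and version strings are constructed for the example; the version comparison is numeric-only and ignores pre-release tags.

```python
"""Detection helpers for CVE-2026-27944 (Nginx UI unauthenticated /api/backup).

Added example, not Nginx UI project code. Assumes nginx "combined" log format
in front of the Nginx UI instance and that backups are served from /api/backup
as the advisory states. Sample data below is constructed.
"""
import re
from dataclasses import dataclass

# nginx "combined" format:
#   ip - user [time] "METHOD path HTTP/x" status bytes "referer" "user-agent"
COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-)'
)

BACKUP_PATH = "/api/backup"   # endpoint named in the advisory
FIXED_VERSION = (2, 3, 3)     # first patched release (CPE versionEndExcluding)


@dataclass
class BackupHit:
    ip: str
    time: str
    method: str
    size: int


def parse_line(line):
    """Return the captured fields of one combined-format line, or None."""
    m = COMBINED_RE.match(line)
    return m.groupdict() if m else None


def find_backup_downloads(lines):
    """Every HTTP 200 to /api/backup: on an unpatched instance each one may be
    an unauthenticated full-backup pull and deserves a look."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip lines that are not access-log records
        path = rec["path"].split("?", 1)[0].rstrip("/")
        if path != BACKUP_PATH or int(rec["status"]) != 200:
            continue  # other endpoints, or the request was rejected
        size = 0 if rec["bytes"] == "-" else int(rec["bytes"])
        hits.append(BackupHit(rec["ip"], rec["time"], rec["method"], size))
    return hits


def is_affected(version):
    """True when the numeric part of the version string is below 2.3.3."""
    parts = tuple(int(p) for p in re.findall(r"\d+", version))
    return parts < FIXED_VERSION


# Constructed sample log lines (RFC 5737 test addresses), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2026:02:14:09 +0000] "GET /api/backup HTTP/1.1" 200 48211 "-" "curl/8.5.0"',
    '198.51.100.23 - - [10/Mar/2026:02:14:10 +0000] "GET /api/backup/ HTTP/1.1" 401 153 "-" "curl/8.5.0"',
    '192.0.2.5 - - [10/Mar/2026:08:01:44 +0000] "GET /api/settings HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Mar/2026:02:14:11 +0000] "POST /api/backup?x=1 HTTP/1.1" 200 9000 "-" "curl/8.5.0"',
    'not an access log line',
]

if __name__ == "__main__":
    for hit in find_backup_downloads(SAMPLE_LOG):
        print(f"backup download: {hit.ip} {hit.method} {hit.size} bytes at {hit.time}")
    for v in ("2.3.2", "2.3.3", "v2.4.0"):
        print(v, "affected" if is_affected(v) else "patched")
```

Run it against a real access log by replacing `SAMPLE_LOG` with the file's lines; any hit from an unexpected source on a pre-2.3.3 instance is a reason to rotate the credentials, tokens and SSL private keys a backup would contain.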
- Description: Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.3, the /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to download a full system backup containing sensitive data (user credentials, session tokens, SSL private keys, Nginx configurations) and decrypt it immediately. This issue has been patched in version 2.3.3.
- Source: security-advisories@github.com
- NVD status: Analyzed
- Products: nginx_ui
CVSS 3.1
- Type: Secondary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
- CWE-306 (source: security-advisories@github.com)
- Hype score: Not currently trending
CVE-2026-3888, from the Nginx-UI backup leak to a root shell, and the Snap Copy-Fail root vulnerability CVE-2026-27944: we are sharing the details tomorrow. Stay tuned. https://t.co/2SElhCfANS
@r3csec
20 May 2026
NEW Video: CVE-2026-3888: Nginx-UI Backup Leak to Root Shell + CVE-2026-27944 Snap Copy-Fail Root. New video covering a full Linux exploitation chain: Unauth API → Backup leak → Credential cracking → SSH → Snapd TOCTOU privesc → Root shell https://t.co/VjCTRiQlpy
@NullSecurityX
13 May 2026
Sorry everyone, I'm late (again) as I was taking the OSCP! New HackTheBox walkthrough: Snapped. Nginx UI CVE-2026-27944 backup extraction → bcrypt cracking → dual privesc paths (snap CVE-2026-3888 + kernel copy-fail CVE-2026-31431). Enjoy the video! https://t.co/23iQXDMVZ
@Strikoder
11 May 2026
35 new OPEN, 66 new PRO (35 + 31) ACR Stealer, Katana Botnet, Lumma Stealer, NetSupport RAT, TA4903, TA569, XWorm, FreePBX (CVE-2026-28287), Linksys (CVE-2025-34037), Microsoft Exchange (CVE-2021-28480, CVE-2021-28481), Nginx-ui (CVE-2026-27944) and more. https://t.co/ohyXs5Drgg
@ET_Labs
17 Mar 2026
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:nginxui:nginx_ui:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "AA731011-DD7D-446C-99D7-120A6EBDD668",
            "versionEndExcluding": "2.3.3",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]