BeyondMachines for BeyondMachines

Originally published at beyondmachines.net

Nginx UI Patches Critical RCE and Admin Takeover Vulnerabilities

Summary

Nginx UI released version 2.3.8 to patch four vulnerabilities, including a critical unauthenticated remote code execution flaw (CVE-2026-42238) and multiple high-severity setup takeover issues. These flaws allow attackers to gain full administrative control, execute arbitrary commands, and steal sensitive configuration secrets.

Take Action:

If you are running Nginx UI, make sure, where possible, that the management interface is isolated from the internet and accessible only from trusted networks or via VPN. Update to version 2.3.8 ASAP and rotate all secrets (JWT keys, node secrets, API keys), since older versions are vulnerable during every restart.

