Alert: Nginx UI (CVE-2026-27944) Security Updates – March 2026
A critical security vulnerability (CVE-2026-27944) has been discovered in Nginx UI, a web-based graphical interface used to manage Nginx server configurations, SSL certificates, and system logs. The vulnerability allows unauthenticated remote attackers to download and decrypt full system backups.
Affected Systems
Nginx UI: all versions earlier than 2.3.2
Security Risks
Successful exploitation allows attackers to retrieve and decrypt complete system backups without authentication, resulting in credential theft, exposure of private SSL keys for man-in-the-middle attacks, unauthorized access to configurations, data exfiltration, malware deployment, or complete server takeover.
For a complete list of other recently disclosed Nginx-related vulnerabilities and available patches, please refer to the NVD database at https://nvd.nist.gov/vuln/search.
Recommended Actions
The National Cyber Security Authority (NCSA) strongly recommends that users and system administrators:
Upgrade as soon as possible to the latest supported version to maintain security and continue receiving technical support and patches. The release to upgrade to is Nginx UI version 2.3.3 or above.
Restrict network access to the /api/backup endpoint using firewall rules if an immediate upgrade is not feasible, and ensure all Nginx UI management interfaces are accessible only from trusted internal networks.
Ensure you have the latest backup that can be easily restored before applying any updates or patches.
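Alongside the network restriction on /api/backup, past access logs can be reviewed for requests to that endpoint from outside trusted networks. The script below is an added example, not part of the NCSA advisory or the Nginx UI project; it assumes a combined-format access log from a reverse proxy in front of Nginx UI, and the trusted ranges and sample log lines are constructed placeholders.

```python
import ipaddress
import re
from urllib.parse import unquote

# Assumption: internal ranges allowed to reach the management interface.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16", "127.0.0.0/8")]
BACKUP_PATH = "/api/backup"  # endpoint named in the advisory

# Combined log format: ip ident user [time] "METHOD target PROTO" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_trusted(ip_text):
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # unparsable client field: treat as untrusted
    return any(ip in net for net in TRUSTED_NETS)

def hits_backup(target):
    # Drop the query string, decode %xx, collapse '//' and a trailing '/'.
    path = re.sub(r"/+", "/", unquote(target.split("?", 1)[0])).rstrip("/")
    return path == BACKUP_PATH or path.startswith(BACKUP_PATH + "/")

def audit(lines):
    """Return requests to the backup endpoint from outside TRUSTED_NETS."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not hits_backup(m["target"]) or is_trusted(m["ip"]):
            continue
        # "served": a 2xx status means the server returned data to that client.
        findings.append({"ip": m["ip"], "time": m["time"], "target": m["target"],
                         "status": int(m["status"]), "served": m["status"].startswith("2")})
    return findings

# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE_LOG = [
    '10.0.4.17 - - [02/Mar/2026:09:14:01 +0000] "GET /api/backup HTTP/1.1" 200 48211 "-" "curl/8.5.0"',
    '203.0.113.50 - - [02/Mar/2026:23:40:12 +0000] "GET /api/backup HTTP/1.1" 200 48211 "-" "-"',
    '198.51.100.7 - - [03/Mar/2026:01:02:33 +0000] "GET /api//backup/?x=1 HTTP/1.1" 403 153 "-" "-"',
    '203.0.113.50 - - [03/Mar/2026:01:05:00 +0000] "GET /api/backups-list HTTP/1.1" 404 0 "-" "-"',
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

Any finding with "served" set to true should be handled as a possible backup disclosure, with the credentials and SSL private keys contained in that backup rotated.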
For further information and support, please contact NCSA by email at rwcsirt@ncsa.gov.rw or call us at 9009.