CVE-2026-33029 | THREATINT

Description

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, an input validation vulnerability in the logrotate configuration allows an authenticated user to cause a complete Denial of Service (DoS). By submitting a negative integer for the rotation interval, the backend enters an infinite loop or an invalid state, rendering the web interface unresponsive. This issue has been patched in version 2.3.4.

PUBLISHED Reserved 2026-03-17 | Published 2026-03-30 | Updated 2026-04-01 | Assigner GitHub_M

MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-20: Improper Input Validation

Product status

< 2.3.4

affected

References

github.com/...inx-ui/security/advisories/GHSA-cp8r-8jvw-v3qg

github.com/0xJacky/nginx-ui/releases/tag/v2.3.4

cve.org (CVE-2026-33029)

nvd.nist.gov (CVE-2026-33029)

Download JSON