Your Nginx backups are now an open book for unauthenticated attackers.
CVE-2026-27944 · Severity 9.8 · Unauthenticated Backup Download in Nginx UI.
A critical vulnerability in Nginx UI allows unauthenticated attackers to download and decrypt full system backups. The flaw stems from the /api/backup endpoint lacking authentication and exposing the AES-256 encryption keys in the HTTP response headers, so the same response that serves the encrypted archive also serves the key needed to open it.
Attackers can use this to obtain admin credentials, session tokens, and SSL private keys, giving them full control of the management interface and the ability to impersonate the website. Automated scanners are currently active, searching for exposed Nginx UI management portals.
The uncomfortable truth: Your backup strategy is a weapon for an attacker if your management tool exposes the keys required to unlock them.
✅ Update Nginx UI to the latest version and ensure the /api/backup endpoint is restricted.
✅ Restrict access to all management interfaces through private networks or secure tunnels.
✅ Rotate any SSL private keys and administrative credentials if your portal was internet-exposed.
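One way to enforce the first two steps while the update is rolled out is to put the management portal behind a reverse proxy that only admits a private network and refuses the backup endpoint outright. The configuration below is an added example, not from the advisory or the Nginx UI project: it assumes Nginx UI is listening on 127.0.0.1:9000 (a placeholder; check your own install), that 10.0.0.0/8 is the admin network reachable via your VPN or tunnel (also a placeholder), and that /etc/nginx/.htpasswd holds an admin account created with htpasswd.

```nginx
# Added example: front the Nginx UI portal with a hardened reverse proxy.
# Assumptions (placeholders, not from the advisory): the portal listens on
# 127.0.0.1:9000 and 10.0.0.0/8 is the only network allowed to reach it.
server {
    listen 443 ssl;
    server_name nginx-ui.internal.example;   # placeholder hostname

    ssl_certificate     /etc/nginx/certs/nginx-ui.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/certs/nginx-ui.key;   # placeholder path

    # Step 2: management interface is reachable only from the private network.
    allow 10.0.0.0/8;
    deny  all;

    # Step 1: the unauthenticated backup endpoint is never proxied to the app.
    # Returning 404 rather than 403 avoids confirming the path to scanners.
    location /api/backup {
        return 404;
    }

    # Everything else still requires proxy-level credentials in addition to
    # whatever login the application itself enforces (defence in depth).
    location / {
        auth_basic           "Nginx UI admin";
        auth_basic_user_file /etc/nginx/.htpasswd;

        proxy_pass         http://127.0.0.1:9000;
        proxy_set_header   Host              $host;
        proxy_set_header   X-Real-IP         $remote_addr;
        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
    }
}

# Plain HTTP on the public side goes nowhere useful.
server {
    listen 80;
    server_name nginx-ui.internal.example;   # placeholder hostname
    return 301 https://$host$request_uri;
}
```

Run `nginx -t` after dropping this into a site file, then confirm from a host outside 10.0.0.0/8 that the portal is unreachable, and from inside it that /api/backup returns 404 even with valid proxy credentials. The `deny all` line is the control that matters most; the 404 on the backup path is a second layer for the case where the allow list is later loosened.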
Have you verified that your web server management tools are hidden from public automated scanners?
#Cybersecurity #WebSecurity #Nginx #DataPrivacy #SecurityLeadership #CodeDefence
