CVE-2026-42220: Privilege Escalation via Information Disclosure in Nginx UI

DEV Community·CVE Reports·27 days ago

Vulnerability ID: CVE-2026-42220
CVSS Score: 6.5
Published: 2026-05-05

An information disclosure vulnerability in Nginx UI prior to version 2.3.8 allows authenticated users to extract the internal node secret. This secret can subsequently be abused to bypass authorization checks and escalate privileges to the administrative init user.

TL;DR

Low-privileged authenticated users can retrieve the system's node.secret via the /api/settings endpoint. This secret can then be passed in the X-Node-Secret header to execute actions as the administrative init user.…
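Detection logic for the pattern in the TL;DR: a non-admin read of /api/settings followed by X-Node-Secret use from a source that is not a known cluster node. This is an added example, not code from the article or from Nginx UI; the JSON log fields, the placeholder paths and the node and admin allowlists are assumptions, and the sample log lines are constructed.

```python
import json

# Constructed sample access log (JSON lines) from a proxy in front of Nginx UI.
# Field names are assumptions; "node_secret" records only whether the
# X-Node-Secret header was present, never its value.
SAMPLE_LOG = """\
{"ts": 100, "src": "10.0.0.5", "user": "", "path": "/api/placeholder-sync", "node_secret": true}
{"ts": 110, "src": "192.0.2.44", "user": "viewer1", "path": "/api/settings", "node_secret": false}
{"ts": 125, "src": "192.0.2.44", "user": "", "path": "/api/placeholder-admin", "node_secret": true}
{"ts": 130, "src": "192.0.2.77", "user": "admin", "path": "/api/settings?x=1", "node_secret": false}
{"ts": 140, "src": "198.51.100.9", "user": "", "path": "/api/placeholder-admin", "node_secret": true}
truncated or non-JSON line
"""

def find_node_secret_abuse(log_text, node_ips, admins):
    """Flag X-Node-Secret use from sources that are not known cluster nodes.

    "high":   the source earlier read /api/settings as a non-admin user.
    "medium": header seen from a non-node source with no such earlier read.
    """
    events = []
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip damaged lines rather than abort the hunt
        if isinstance(ev, dict) and {"ts", "src", "path"} <= ev.keys():
            events.append(ev)

    readers = {}   # src -> non-admin user who first read the settings endpoint
    findings = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        path = ev["path"].split("?", 1)[0].rstrip("/")
        user = ev.get("user", "")
        if path == "/api/settings" and user and user not in admins:
            readers.setdefault(ev["src"], user)
        if ev.get("node_secret") and ev["src"] not in node_ips:
            findings.append({
                "ts": ev["ts"], "src": ev["src"], "path": path,
                "severity": "high" if ev["src"] in readers else "medium",
                "settings_read_by": readers.get(ev["src"]),
            })
    return findings

if __name__ == "__main__":
    for finding in find_node_secret_abuse(SAMPLE_LOG, {"10.0.0.5"}, {"admin"}):
        print(finding)
```

On versions prior to 2.3.8, a "high" finding identifies the low-privileged account whose settings read preceded the header use.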
