Loading
Nginx UI is a web user interface for the Nginx web server. Nginx UI v2.0.0-beta.35 and earlier gets the value from the json field without verification, and can construct a value value in the form of `../../`. Arbitrary files can be written to the server, which may result in loss of permissions. Version 2.0.0-beta.26 fixes the issue.
Use CWE-22, Nginxui vendor hub and Nginx Ui product page to widen CVE-2024-49366 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2026-33032, CVE-2026-27944 and CVE-2026-33026 for nearby disclosures in the same product family.