CVE-2026-42238 | 0xJacky nginx-ui up to 2.3.7 Backup /api/restore code injection

SecurityVulns
Yanac

A vulnerability was found in 0xJacky nginx-ui up to 2.3.7 and classified as critical. This affects an unknown part of the file /api/restore of the component Backup Handler. Such manipulation leads to code injection.

This vulnerability is uniquely identified as CVE-2026-42238. The attack can be launched remotely. No exploit exists.

It is suggested to upgrade the affected component.VulDB Recent EntriesRead More