CVE-2026-42220 | 0xJacky nginx-ui up to 2.3.7 /api/settings AuthRequired information disclosure

A vulnerability, which was classified as problematic, has been found in 0xJacky nginx-ui up to 2.3.7. Impacted is the function AuthRequired of the file /api/settings. Performing a manipulation results in information disclosure.

This vulnerability is reported as CVE-2026-42220. The attack is possible to be carried out remotely. No exploit exists.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More