VYPR
High severity7.5NVD Advisory· Published Mar 30, 2026· Updated Apr 1, 2026

CVE-2026-33028

CVE-2026-33028

Description

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui application is vulnerable to a Race Condition. Due to the complete absence of synchronization mechanisms (Mutex) and non-atomic file writes, concurrent requests lead to the severe corruption of the primary configuration file (app.ini). This vulnerability results in a persistent Denial of Service (DoS) and introduces a non-deterministic path for Remote Code Execution (RCE) through configuration cross-contamination. This issue has been patched in version 2.3.4.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/0xJacky/Nginx-UIGo
<= 1.99
github.com/uozi-tech/cosyGo
< 1.30.11.30.1

Affected products

5

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.