CVE-2026-33029: CWE-20: Improper Input Validation in 0xJacky nginx-ui
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, an input validation vulnerability in the logrotate configuration allows an authenticated user to cause a complete Denial of Service (DoS). By submitting a negative integer for the rotation interval, the backend enters an infinite loop or an invalid state, rendering the web interface unresponsive. This issue has been patched in version 2.3.4.
AI Analysis
Technical Summary
The vulnerability in nginx-ui versions before 2.3.4 involves improper input validation (CWE-20) in the logrotate configuration feature. Specifically, the system does not properly validate the rotation interval input, allowing an authenticated user to submit a negative integer. This causes the backend process to enter an infinite loop or an invalid state, rendering the web interface unresponsive and causing a denial of service. The vulnerability has a CVSS 4.0 base score of 6.9, indicating a medium severity level. The issue is fixed in version 2.3.4 of nginx-ui.
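The class of bug described above, as an added Go example that is not nginx-ui's own code: a server-side range check on the rotation interval, plus a helper showing why a negative interval leaves a scheduler with nothing to wait for. The struct, the `interval` field name, the bounds and the scheduling model are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// LogrotateSettings is a hypothetical request body; the field names are
// assumptions for this example, not nginx-ui's actual schema.
type LogrotateSettings struct {
	Enabled         bool `json:"enabled"`
	IntervalMinutes int  `json:"interval"`
}

// Bounds constructed for this example.
const (
	minIntervalMinutes = 1
	maxIntervalMinutes = 7 * 24 * 60 // one week
)

var ErrInterval = errors.New("interval out of range")

// ParseSettings decodes and validates the body before anything is saved or scheduled.
func ParseSettings(body []byte) (LogrotateSettings, error) {
	var s LogrotateSettings
	if err := json.Unmarshal(body, &s); err != nil {
		return LogrotateSettings{}, fmt.Errorf("decode: %w", err)
	}
	if s.IntervalMinutes < minIntervalMinutes || s.IntervalMinutes > maxIntervalMinutes {
		return LogrotateSettings{}, fmt.Errorf("%w: %d", ErrInterval, s.IntervalMinutes)
	}
	return s, nil
}

// WaitUntilNext returns how long a scheduler would sleep before the next rotation.
// With a non-positive interval the result is <= 0, so a loop sleeping on it never blocks.
func WaitUntilNext(last, now time.Time, intervalMinutes int) time.Duration {
	return last.Add(time.Duration(intervalMinutes) * time.Minute).Sub(now)
}

func main() {
	now := time.Date(2026, 3, 30, 12, 0, 0, 0, time.UTC) // constructed timestamp
	fmt.Println(WaitUntilNext(now, now, -5))             // negative wait: the loop would spin
	for _, body := range []string{`{"enabled":true,"interval":-5}`, `{"enabled":true,"interval":60}`} {
		s, err := ParseSettings([]byte(body)) // constructed sample bodies
		fmt.Println(s, err)
	}
}
```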
Potential Impact
An authenticated user can cause a complete denial of service of the nginx-ui web interface by exploiting the improper input validation in the logrotate configuration. This results in the backend entering an infinite loop or invalid state, making the interface unresponsive and potentially disrupting administrative access to the Nginx server management UI.
Mitigation Recommendations
Upgrade nginx-ui to version 2.3.4 or later, where this input validation vulnerability has been patched. No other mitigations are specified or required once the update is applied.
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-03-17T17:22:14.669Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 69cabc11e6bfc5ba1d596dfb
Added to database: 3/30/2026, 6:08:17 PM
Last enriched: 4/7/2026, 6:44:39 AM
Last updated: 5/14/2026, 10:57:07 PM