Critical Nginx UI flaw exposes full system backups to unauthenticated attackers

A critical vulnerability in Nginx UI could allow attackers to download and decrypt full server backups without authentication. The flaw, tracked as CVE-2026-27944, carries a CVSS score of 9.8 and affects all Nginx UI versions prior to 2.3.2, according to the project’s security advisory. Security researchers say the issue stems from improper access controls and […] The post Critical Nginx UI flaw exposes full system backups to unauthenticated attackers appeared first on VPN Central.