CVE-2026-27944

This PoC exploits an authentication bypass vulnerability in Nginx UI (CVE-2026-27944) by decrypting backup files retrieved from an unauthenticated API endpoint. It leverages AES-256-CBC decryption using keys extracted from the 'X-Backup-Security' header to expose sensitive configuration data.

This repository contains a functional Python exploit for CVE-2026-27944, which allows unauthenticated attackers to download and decrypt Nginx UI server backups via the /api/backup endpoint. The exploit includes both scanning and exploitation capabilities, with detailed technical documentation.

This repository contains a functional Python exploit for CVE-2026-27944, which allows unauthenticated attackers to download and decrypt Nginx UI server backups via the /api/backup endpoint. The exploit includes both scanning and exploitation capabilities, with detailed technical documentation.

This repository contains a functional exploit for CVE-2026-27944, targeting Nginx UI. The exploit automates the download of encrypted backups, decrypts them using leaked AES keys, extracts sensitive secrets, and creates an admin user for dashboard access.

This repository contains a multi-threaded scanner for detecting Nginx UI instances and identifying those vulnerable to CVE-2026-27944 (versions ≤ 2.3.2). It uses passive fingerprinting and API endpoint probing to determine version and vulnerability status.

This repository contains a fully functional lab environment and exploit for CVE-2026-27944, demonstrating unauthenticated backup download and encryption key disclosure in Nginx-UI versions < 2.3.2. The exploit includes a PoC script that downloads encrypted backups and decrypts them using keys disclosed in response headers.