ID:12618 - Exploit for Origin validation error in nginx-ui - CVE-2026-34403

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Exploits ID:12618 - Exploit for Origin validation error in nginx-ui - CVE-2026-34403

ID:12618 - Exploit for Origin validation error in nginx-ui - CVE-2026-34403

Published: April 21, 2026


Vulnerability identifier: #VU126634
Vulnerability risk: High
CVE-ID: CVE-2026-34403
CWE-ID: CWE-346
Exploitation vector: Remote access
Vulnerable software:
nginx-ui

Link to public exploit:


Vulnerability description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the Cross-Site WebSocket Hijacking (CSWSH) issue within missing origin validation on all WebSocket endpoints. A remote attacker can gain access to sensitive information on the system, leading to arbitrary code execution.


Remediation

Install updates from vendor's website.