Nginx UI: DoS via Negative Integer Input in Logrotate Interval

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Description

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, an input validation vulnerability in the logrotate configuration allows an authenticated user to cause a complete Denial of Service (DoS). By submitting a negative integer for the rotation interval, the backend enters an infinite loop or an invalid state, rendering the web interface unresponsive. This issue has been patched in version 2.3.4.

Basic Information

ID CVE-2026-33029

Source GitHub_M

Published Mar 30, 2026 at 17:59

Modified Apr 1, 2026 at 18:17

Affected Product

Vendor 0xJacky

Product nginx-ui

Version < 2.3.4

Affected Versions 0xJacky nginx-ui < 2.3.4

CWE Classification

CWE-20

References

{
    "lastseen": "",
    "description": "Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, an input validation vulnerability in the logrotate configuration allows an authenticated user to cause a complete Denial of Service (DoS). By submitting a negative integer for the rotation interval, the backend enters an infinite loop or an invalid state, rendering the web interface unresponsive. This issue has been patched in version 2.3.4.",
    "published": "2026-03-30T17:59:04.740Z",
    "modified": "2026-04-01T18:17:47.373Z",
    "type": "cve",
    "title": "Nginx UI: DoS via Negative Integer Input in Logrotate Interval",
    "source": "GitHub_M",
    "references": "https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-cp8r-8jvw-v3qg\nhttps://github.com/0xJacky/nginx-ui/releases/tag/v2.3.4",
    "id": "CVE-2026-33029",
    "bulletinFamily": "",
    "cwe": [
        "CWE-20"
    ],
    "cvelist": null,
    "sourceData": "0xJacky nginx-ui < 2.3.4",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "nginx-ui",
    "version": "< 2.3.4",
    "vendor": "0xJacky",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Nginx UI: DoS via Negative Integer Input in Logrotate Interval_CVE-2026-33029