GHSA-78mf-482w-62qj: Nginx-UI: Cross-Site WebSocket Hijacking (CSWSH) via missing origin validation on all WebSocket endpoints
Severity: High
Category: security
Summary
Nginx-UI has a security flaw where all WebSocket endpoints (connections that allow real-time two-way communication) accept connections from any website without validating the Origin of the request, so there is no check that it comes from a trusted source. Combined with authentication tokens stored as cookies without proper protection, an attacker can create a malicious webpage that, when visited by a logged-in administrator, silently connects to Nginx-UI with the administrator's session and steals sensitive data such as server metrics and logs, and can even gain terminal access.
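The fix this advisory describes is an Origin check on the WebSocket handshake. The following Go snippet is an added illustration of such a check, not code from Nginx-UI or from the advisory; the hostnames, the `checkWSOrigin` function and the allow-list parameter are assumptions for the example.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// checkWSOrigin decides whether a WebSocket upgrade may proceed and is meant
// to run before any session lookup or protocol upgrade. Browsers always send
// Origin on the handshake and attach the session cookie, so a page on
// attacker.example arrives with Origin: https://attacker.example; refusing
// any Origin that is neither the server's own host nor an allowed front-end
// stops the hijack. A missing Origin is accepted: browsers never omit it,
// and non-browser clients cannot carry the victim's cookies.
func checkWSOrigin(r *http.Request, allowed []string) bool {
	origin := r.Header.Get("Origin")
	if origin == "" {
		return true
	}
	u, err := url.Parse(origin)
	if err != nil || u.Host == "" {
		return false // malformed or "null" (opaque) origin: refuse
	}
	if strings.EqualFold(u.Host, r.Host) {
		return true // same-origin handshake
	}
	for _, a := range allowed { // extra front-ends, compared as scheme://host
		if strings.EqualFold(u.Scheme+"://"+u.Host, a) {
			return true
		}
	}
	return false
}

func main() {
	// Constructed cross-site handshake (hostnames are placeholders).
	r, _ := http.NewRequest("GET", "http://nginx-ui.example/api/ws", nil)
	r.Header.Set("Origin", "https://attacker.example")
	fmt.Println("cross-site handshake allowed:", checkWSOrigin(r, nil))
}
```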
Vulnerability Details
EPSS (30-day exploit probability)
EPSS: 0.0%
Patch Available
Yes
Disclosure Date
April 21, 2026
Classification
Attack Sophistication: Moderate
Affected Packages
github.com/0xJacky/Nginx-UI@< 1.9.10-0.20260316053337-1a9cd29a3082 (fixed: 1.9.10-0.20260316053337-1a9cd29a3082)
Original source: https://github.com/advisories/GHSA-78mf-482w-62qj
First tracked: April 21, 2026 at 02:00 PM
Classified by LLM (prompt v3) · confidence: 95%