Nginx UI Logrotate Configuration Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in Nginx UI versions prior to 2.3.4. The issue arises from improper input validation in the logrotate configuration, allowing authenticated users to cause the web interface to become unresponsive. By submitting a negative integer for the rotation interval, the backend can enter an infinite loop or an invalid state, leading to a complete service hang. This vulnerability has been patched in version 2.3.4.

Impact

Exploitation of this vulnerability causes a complete denial-of-service condition, where the web interface becomes unresponsive and the server fails to handle concurrent requests.

Reproduction

To reproduce this vulnerability, authenticate to the Nginx UI dashboard and send a POST request to the /api/settings endpoint. Include a negative integer in the logrotate.interval field. After the request is processed, the web server will stop responding to all subsequent requests.

Remediation

Users are advised to update Nginx UI to version 2.3.4 or later.
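The root cause named above is missing validation of the logrotate.interval value. As an added example (not Nginx UI's own code and not the 2.3.4 patch), the Go handler below rejects such input before it can reach a scheduler. Assumptions: the nested JSON shape, the unit of minutes, the one-year upper bound, and all function names are hypothetical.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"net/http"
	"strings"
)

// Assumed payload shape: {"logrotate": {"interval": 1440}}; only the field name is from the advisory.
type settingsRequest struct {
	Logrotate struct {
		Interval *int `json:"interval"` // pointer so a missing field is detectable
	} `json:"logrotate"`
}

// maxIntervalMinutes is a hypothetical upper bound (one year); the unit of minutes is assumed.
const maxIntervalMinutes = 365 * 24 * 60
var errBadInterval = errors.New("logrotate.interval must be an integer between 1 and 525600")

// parseSettings decodes the body and rejects any interval a timer cannot use. In Go,
// time.NewTicker panics on a non-positive duration and time.Sleep returns immediately on one.
func parseSettings(body io.Reader) (*settingsRequest, error) {
	var req settingsRequest
	if err := json.NewDecoder(io.LimitReader(body, 1<<20)).Decode(&req); err != nil {
		return nil, fmt.Errorf("invalid settings JSON: %w", err)
	}
	iv := req.Logrotate.Interval
	if iv == nil || *iv < 1 || *iv > maxIntervalMinutes {
		return nil, errBadInterval
	}
	return &req, nil
}

// settingsHandler answers 400 for rejected input instead of storing it.
func settingsHandler(w http.ResponseWriter, r *http.Request) {
	if _, err := parseSettings(r.Body); err != nil {
		http.Error(w, err.Error(), http.StatusBadRequest)
		return
	}
	w.WriteHeader(http.StatusNoContent)
}

func main() {
	// Constructed sample input with a negative interval.
	_, err := parseSettings(strings.NewReader(`{"logrotate":{"interval":-5}}`))
	fmt.Println(err)
}
```

Validating at the API boundary keeps the check independent of how the rotation job consumes the value.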

Added: Mar 30, 2026, 6:27 PM
Updated: Mar 30, 2026, 6:27 PM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 2.5
exploitability: 6.2
remediation: 7.7
relevance: 4.9
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.