NGINX Agent and NGINX Instance Manager Path Traversal Vulnerability Allowing Unauthorized File Access

Vulnerability

A vulnerability exists in the NGINX Agent's config_dirs directive, which can be managed through NGINX Instance Manager. This issue allows a low-privileged, remotely authenticated attacker to read and write files outside the designated secure directory, potentially crossing important security boundaries.

Impact

Exploitation of this vulnerability could lead to unauthorized file access and modification, allowing attackers to read or write files outside of the intended directory restrictions.

Remediation

Users can upgrade to NGINX Agent version 2.47.0 or NGINX Instance Manager version 2.22.1 to address this vulnerability.

Added: Jul 15, 2026, 3:40 PM
Updated: Jul 15, 2026, 3:40 PM

Vulnerability Rating

Custom Algorithm
spread
1.4
impact
0.4
exploitability
4.9
remediation
0.0
relevance
9.8
threat
0.0
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.