{"vulnerability": "cve-2026-42238", "sightings": [{"uuid": "3cf8a189-7afc-45bc-b212-62f55adfc699", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42238", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ml2qxefyhg2p", "content": "CVE-2026-42238 - Unauthenticated Remote Code Execution via Backup Restore in nginx-ui\nCVE ID : CVE-2026-42238\n \n Published : May 4, 2026, 9:16 p.m. | 1\u00a0hour, 4\u00a0minutes ago\n \n Description : Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, nginx...", "creation_timestamp": "2026-05-04T22:48:29.253183Z"}, {"uuid": "53f28ad9-ea20-4ae5-a88b-79d7505ecaa5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42238", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3ml2uyhgrmv2p", "content": "CRITICAL vuln in 0xJacky nginx-ui (<2.3.8): Unauthenticated backup restore on fresh start enables remote code execution as root. Upgrade to 2.3.8 ASAP! \ud83d\udea8 https://radar.offseq.com/threat/cve-2026-42238-cwe-94-improper-control-of-generati-88b6fe8d #OffSeq #nginx #security", "creation_timestamp": "2026-05-05T00:00:41.488271Z"}, {"uuid": "48d92cb9-22ae-4191-9819-1657508ecda8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42238", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116519025945473134", "content": "\ud83d\udd25 CRITICAL: CVE-2026-42238 in 0xJacky nginx-ui (<2.3.8) lets remote attackers gain root by exploiting an unauthenticated backup restore endpoint in the first 10 min. Patch to 2.3.8 now! https://radar.offseq.com/threat/cve-2026-42238-cwe-94-improper-control-of-generati-88b6fe8d #OffSeq #nginx #infosec #vuln", "creation_timestamp": "2026-05-05T00:00:42.224154Z"}]}