PT-2026-29090 · Nginx-Ui · Nginx-Ui

Dapickle · Published 2026-03-30 · Updated 2026-04-07 · CVE-2026-33029

CVSS v4.0: 6.9 (Medium)

Vector: AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Nginx UI versions prior to 2.3.4

Description

An input validation issue in the logrotate configuration allows an authenticated user to cause a Denial of Service (DoS). Submitting a negative integer for the rotation interval causes the backend to enter an infinite loop or an invalid state, making the web interface unresponsive. The issue resides in the handler for the API endpoint /api/settings, specifically in the logrotate.interval parameter. When a negative value is processed, it triggers a non-terminating loop that consumes CPU resources and prevents the server from handling further requests.

Recommendations

Versions prior to 2.3.4 should be updated to version 2.3.4 or later.
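
One way to reject such a value at the API boundary before it reaches any scheduling loop, as an added example (not Nginx UI's code or its actual fix). The JSON key layout, the bounds, and the names ValidateLogrotateInterval and ErrBadInterval are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// Assumed bounds for this example; the page does not state the real range or unit.
const (
	minInterval int64 = 1
	maxInterval int64 = 525600
)

var ErrBadInterval = errors.New("logrotate.interval rejected")

// settingsBody models only the field this check needs. The JSON key names are
// assumed from the advisory's "logrotate.interval" parameter name.
type settingsBody struct {
	Logrotate struct {
		Interval *json.Number `json:"interval"`
	} `json:"logrotate"`
}

// ValidateLogrotateInterval returns the interval only when it is a whole number
// inside [minInterval, maxInterval]; negative, zero, fractional, overflowing
// and missing values are all rejected before any scheduler sees them.
func ValidateLogrotateInterval(body []byte) (int64, error) {
	var s settingsBody
	if err := json.Unmarshal(body, &s); err != nil {
		return 0, fmt.Errorf("%w: %v", ErrBadInterval, err)
	}
	if s.Logrotate.Interval == nil {
		return 0, fmt.Errorf("%w: missing", ErrBadInterval)
	}
	n, err := s.Logrotate.Interval.Int64() // fails on 1.5, 1e3 and values beyond int64
	if err != nil {
		return 0, fmt.Errorf("%w: not an integer", ErrBadInterval)
	}
	if n < minInterval || n > maxInterval {
		return 0, fmt.Errorf("%w: %d outside [%d, %d]", ErrBadInterval, n, minInterval, maxInterval)
	}
	return n, nil
}

func main() {
	// Constructed sample payloads, not captured traffic.
	for _, p := range []string{`{"logrotate":{"interval":1440}}`, `{"logrotate":{"interval":-1}}`} {
		n, err := ValidateLogrotateInterval([]byte(p))
		fmt.Println(p, "=>", n, err)
	}
}
```

Rejecting at parse time with an explicit upper bound also covers zero and overflow cases, which a sign check alone would miss.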

Weakness Enumeration

Related Identifiers

BDU:2026-04701
CVE-2026-33029
GHSA-CP8R-8JVW-V3QG
GO-2026-4902
SUSE-SU-2026:1205-1

Affected Products

Nginx-Ui