CVE-2026-40519 | NginxProxyManager nginx-proxy-manager up to 2.15.1 backend/setup.js setupCertbotPlugins dns_provider_credentials os command injection

Inserito da Angelo Barbosa | Giu 8, 2026 | CVE

A vulnerability has been found in NginxProxyManager nginx-proxy-manager up to 2.15.1 and classified as critical. This vulnerability affects the function setupCertbotPlugins of the file backend/setup.js. This manipulation of the argument dns_provider_credentials causes os command injection.

This vulnerability is registered as CVE-2026-40519. Remote exploitation of the attack is possible. No exploit is available.

It is recommended to apply a patch to fix this issue.

CVE-2026-40519 | NginxProxyManager nginx-proxy-manager up to 2.15.1 backend/setup.js setupCertbotPlugins dns_provider_credentials os command injection

Post correlati

CVE-2024-5256 | Sonos Sonos Era 100 SMB2 Message Hander integer underflow

CVE-2024-5758 | wpxpo PostX Plugin up to 4.0.4 on WordPress filterMobileText cross site scripting

CVE-2025-9155 | itsourcecode Online Tour and Travel Management System 1.0 forget_password.php email sql injection

CVE-2024-1489 | SMS Alert Order Notifications Plugin up to 3.6.9 on WordPress cross-site request forgery