Nginx UI

by 0xJackyv2.3.2

Last updated Jun 8, 2026

Yet another Web UI for Nginx

Install with winget

$ winget install --id 0xJacky.nginx-ui --exact --version 2.3.2

Run in Command Prompt, PowerShell, or Windows Terminal. Prompts for any agreements.

Built by Pckgr

For Intune admins

Stop chasing app updates. Pckgr patches them for you.

Automated application patching for Microsoft Intune. Pckgr keeps a curated library of 1,000+ apps continuously up-to-date in your tenant via Microsoft Graph - no manual repackaging, no chasing vendor sites.

Start free 30-day trial

No credit card required.

About

Yet another WebUI for Nginx

Installers · v2.3.2

Architecture	Type	Scope	Install	Download
x64	ZIP archive	-		Direct

Copy a command tailored to that specific architecture, type, and scope - useful when winget would otherwise pick a different default.

Security

23 known CVEs via NVD

high8.5Fix availableCVE-2026-44015affects <=2.3.4May 12, 2026
Nginx UI is a web user interface for the Nginx web server. In 2.3.4 and earlier, an authenticated user can perform Server-Side Request Forgery (SSRF) by creating a cluster node pointing to an arbitrary internal URL and then sending API requests with the X-Node-ID header. The Pro...
Vendor advisory
critical9.8Fix in v2.3.8CVE-2026-42238affects before 2.3.8May 4, 2026
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, nginx-ui exposes a backup restore endpoint (POST /api/restore) that is completely unauthenticated during the first 10 minutes after process startup on any fresh installation. An unauthenticated re...
Vendor advisory
medium6.5Fix in v2.3.8CVE-2026-42223affects before 2.3.8May 4, 2026
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, the GetSettings API handler (api/settings/settings.go:24-65) serializes all settings structs to JSON and returns them to authenticated users. Many sensitive fields are tagged with protected:"true"...
Vendor advisory
high8.1Patched in wingetCVE-2026-42222affects v2.3.5May 4, 2026
Nginx UI is a web user interface for the Nginx web server. In version 2.3.5, an unauthenticated bootstrap takeover exists in nginx-ui during the initial installation window exposed by POST /api/install. At time of publication no public patches are available.
Vendor advisory
high8.1Fix in v2.3.8CVE-2026-42221affects before 2.3.8May 4, 2026
Nginx UI is a web user interface for the Nginx web server. From version 2.0.0 to before version 2.3.8, an unauthenticated network attacker can claim the initial administrator account on a fresh nginx-ui instance during the first-run setup window. The public /api/install endpoint...
Vendor advisory
medium6.5Fix in v2.3.8CVE-2026-42220affects before 2.3.8May 4, 2026
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, an authenticated user can call GET /api/settings and retrieve sensitive configuration values, including node.secret. The same node.secret is accepted by AuthRequired() through the X-Node-Secret he...
Vendor advisory
high8.1Fix in v2.3.5CVE-2026-34403affects before 2.3.5Apr 20, 2026
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.5, all WebSocket endpoints in nginx-ui use a gorilla/websocket Upgrader with CheckOrigin unconditionally returning true, allowing Cross-Site WebSocket Hijacking (CSWSH). Combined with the fact that a...
Vendor advisory
high8.1Fix in v2.3.4CVE-2026-33031affects before 2.3.4Apr 20, 2026
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, a user who was disabled by an administrator can use previously issued API tokens for up to the token lifetime. In practice, disabling a compromised account does not actually terminate that user’s...
Vendor advisory

Showing 8 of 23. Source: NVD, updated 3h ago. Patch status is best-effort: NVD's fix version is compared against the latest version in winget, but the two version formats don't always align. Confirm with the vendor advisory before treating any specific build as safe.

See a CVE that affects your fleet? Push the patched version to Intune in one click with Pckgr - automated patching is the only way to keep up.

Related apps

CC Switchfarion1231
farion1231.CC-Switchv3.16.2
A cross-platform desktop All-in-One assistant tool for Claude Code, Codex, OpenCode, openclaw & Gemini CLI.
SnippingToolDimitar Radenkov
DimitarRadenkov.SnippingToolv4.6.1
Open-source Windows snipping tool with OCR, screen recording, and annotation
Windows Subsystem for LinuxMicrosoft Corp.
Microsoft.WSLv2.7.8
A feature of Windows that allows you to run a Linux environment on your Windows machine, without the need for a separate virtual machine or dual booting.
U
UsbDkDaynix Computing LTD.
daynix.UsbDkv1.0.22
Usb Drivers Development Kit for Windows
App InstallerMicrosoft Corporation
Microsoft.AppInstallerv1.28.240.0
Microsoft App Installer lets you easily install Windows apps with a double-click. It also includes WinGet for powerful command-line app management.
O
Ollama (Portable)Ollama
Ollama.Ollama.Portablev0.20.2
Start building with open models.

More from 0xJacky or browse chatgpt-app, code-completion, copilot.

Frequently asked questions

How do I install Nginx UI on Windows?

Open Windows Terminal, PowerShell, or Command Prompt and run: winget install --id 0xJacky.nginx-ui --exact --version 2.3.2. winget downloads the installer from 0xJacky and runs it. Requires Windows 10 (1809+) or Windows 11.

How do I install Nginx UI silently for unattended deployment?

Add --silent and accept the agreements upfront: winget install --id 0xJacky.nginx-ui --exact 2.3.2 --silent --accept-package-agreements --accept-source-agreements. This is the variant Intune, Configuration Manager, and other deployment tools should use.

How do I uninstall Nginx UI via winget?

Run: winget uninstall --id 0xJacky.nginx-ui --exact. Add --silent for unattended uninstalls. winget will use the registered uninstaller from Nginx UI's Apps & Features entry.

Is Nginx UI free?

Nginx UI is distributed under AGPL-3.0. Refer to the publisher (https://github.com/0xJacky/nginx-ui) for the full license terms - Wingetly itself does not charge for installation.

Does Nginx UI work on Windows 10?

Yes, as long as your Windows 10 build supports winget (1809 or newer). winget ships with App Installer on Windows 10/11 and pulls Nginx UI directly from the publisher.

How do I keep Nginx UI up to date?

Run winget upgrade --id 0xJacky.nginx-ui --exact, or winget upgrade --all to update everything winget tracks. We index 4 versions of Nginx UI from microsoft/winget-pkgs.

Recent versions

2.3.2latest
2.2.1
2.1.17
2.1.12