GHSA-8qv9-6423-m39wMediumCVSS 6.5

Incorrect access control in the "Let's Encrypt" certificate download endpoint of Nginx Proxy...

Published
June 15, 2026
Last Modified
June 16, 2026

🔗 CVE IDs covered (1)

📋 Description

Incorrect access control in the "Let's Encrypt" certificate download endpoint of Nginx Proxy Manager v2.14.0 allows authenticated attackers to obtain the TLS private key material via a crafted GET request.

🔗 References (3)