CVE-2026-50892
Awaiting Analysis Awaiting Analysis - Queue

Incorrect Access Control in Nginx Proxy Manager TLS Private Key Exposure

Vulnerability report for CVE-2026-50892, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-15

Last updated on: 2026-06-16

Assigner: MITRE

Description

Incorrect access control in the "Let's Encrypt" certificate download endpoint of Nginx Proxy Manager v2.14.0 allows authenticated attackers to obtain the TLS private key material via a crafted GET request.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-15
Last Modified
2026-06-16
Generated
2026-07-06
AI Q&A
2026-06-15
EPSS Evaluated
2026-07-04
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
nginx_proxy_manager nginx_proxy_manager 2.14.0

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-50892 is a vulnerability in Nginx Proxy Manager version 2.14.0 where the certificate download API endpoint improperly exposes private TLS key material.

An authenticated user with certificate read access can exploit this by sending a crafted GET request to the endpoint GET /api/nginx/certificates/:certificate_id/download.

Instead of restricting the download to only public certificate or chain files, the backend packages files from the live certificate directory including the private key file (privkey.pem) in a ZIP archive.

This incorrect access control allows attackers to obtain sensitive private key material that should not be exposed.

Impact Analysis

The vulnerability allows an attacker with certificate read access to obtain the private TLS key material.

With access to the private key, an attacker can impersonate the TLS endpoint, potentially intercepting or decrypting secure communications.

This compromises the confidentiality and integrity of encrypted traffic and requires immediate key rotation for affected certificates to restore security.

Detection Guidance

This vulnerability can be detected by checking if the vulnerable endpoint is accessible and returns private key material. Specifically, an authenticated user with certificate read access can send a crafted GET request to the endpoint /api/nginx/certificates/:certificate_id/download.

A suggested command to test this would be using curl with authentication to attempt downloading the certificate archive:

  • curl -u <username>:<password> -X GET https://<nginx-proxy-manager-host>/api/nginx/certificates/<certificate_id>/download -o cert.zip

If the downloaded ZIP archive contains the private key file (privkey.pem), the system is vulnerable.

Mitigation Strategies

Immediate mitigation steps include restricting access to the certificate download endpoint to prevent unauthorized or unnecessary certificate downloads.

Additionally, affected certificates should be considered compromised and require key rotation to prevent impersonation of the TLS endpoint.

Updating or patching Nginx Proxy Manager to a version that fixes this access control issue is also recommended once available.

Compliance Impact

The vulnerability in Nginx Proxy Manager v2.14.0 allows authenticated attackers to obtain private TLS key material, which can lead to unauthorized access and impersonation of TLS endpoints.

Exposure of private key material can compromise the confidentiality and integrity of encrypted communications, potentially violating data protection requirements under standards like GDPR and HIPAA.

Such unauthorized access to sensitive cryptographic keys may require organizations to perform key rotation and incident response to maintain compliance with these regulations.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-50892. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart