CYBERHAWK / CVE / CVE-2026-40519

CVE-2026-40519

HIGH CVSS 7.5 other

The flaw

Nginx Proxy Manager versions 2.9.14 through 2.15.1, fixed in commit a5db5ed, contain an authenticated remote code execution vulnerability via OS command injection in the setupCertbotPlugins() function in backend/setup.js, allowing attackers

What to do

Review advisory and patch per vendor guidance.

▸ Scan my repo for CVE-2026-40519

References

NVD CISA KEV OSV GitHub Advisory MITRE News search

First seen 2026-06-12 · Tracked by PickBits CyberHawk · Weekly CVE digest

← All CVEs RSS Scheduled audits