Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

CVE-2026-60062

Gravedad CVSS v4.0:
MEDIA
Tipo:
CWE-22 Limitación incorrecta de nombre de ruta a un directorio restringido (Path Traversal)
Fecha de publicación:
15/07/2026
Última modificación:
15/07/2026

Descripción

*** Pendiente de traducción *** The NGINX Agent config_dirs directive allows a low-privileged attacker to gain limited read and write access to files outside of the designated secure directory. The config_dirs directive required for this issue can also be configured through NGINX Instance Manager. A successful exploit may allow an attacker to cross a security boundary.<br /> <br /> Impact:<br /> A remotely authenticated low-privileged attacker could gain limited read and write access outside of the list of directories specified in the NGINX Agent configuration.<br /> <br /> <br /> <br /> Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Referencias a soluciones, herramientas e información