CVE-2026-60062
Gravedad CVSS v4.0:
MEDIA
Tipo:
CWE-22
Limitación incorrecta de nombre de ruta a un directorio restringido (Path Traversal)
Fecha de publicación:
15/07/2026
Última modificación:
15/07/2026
Descripción
*** Pendiente de traducción *** The NGINX Agent config_dirs directive allows a low-privileged attacker to gain limited read and write access to files outside of the designated secure directory. The config_dirs directive required for this issue can also be configured through NGINX Instance Manager. A successful exploit may allow an attacker to cross a security boundary.<br />
<br />
Impact:<br />
A remotely authenticated low-privileged attacker could gain limited read and write access outside of the list of directories specified in the NGINX Agent configuration.<br />
<br />
<br />
<br />
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Impacto
Puntuación base 4.0
5.30
Gravedad 4.0
MEDIA
Puntuación base 3.x
6.40
Gravedad 3.x
MEDIA



