PatchSiren

Nginx Proxy Manager CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

Review Nginx Proxy Manager CVE published 2026-06-15

CVE-2026-50892

CVE-2026-50892 is an incorrect access control vulnerability in the 'Let's Encrypt' certificate download endpoint of Nginx Proxy Manager v2.14.0. Authenticated attackers can obtain the TLS private key material via a crafted GET request.