The NGINX Agent config_dirs directive allows a low-privileged attacker to gain limited read and write access to files outside of the designated secure directory. The config_dirs directive required for this issue can also be configured through NGINX Instance Manager. A successful exploit may allow an attacker to cross a security boundary.
Impact:
A remotely authenticated low-privileged attacker could gain limited read and write access outside of the list of directories specified in the NGINX Agent configuration.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Metrics
Affected Vendors & Products
References
| Link | Providers |
|---|---|
| https://my.f5.com/manage/s/article/K000161971 |
|
History
Wed, 15 Jul 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 15 Jul 2026 15:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The NGINX Agent config_dirs directive allows a low-privileged attacker to gain limited read and write access to files outside of the designated secure directory. The config_dirs directive required for this issue can also be configured through NGINX Instance Manager. A successful exploit may allow an attacker to cross a security boundary. Impact: A remotely authenticated low-privileged attacker could gain limited read and write access outside of the list of directories specified in the NGINX Agent configuration. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |
| Title | NGINX Agent Vulnerability | |
| Weaknesses | CWE-22 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: f5
Published:
Updated: 2026-07-15T15:37:18.438Z
Reserved: 2026-07-08T15:49:43.045Z
Link: CVE-2026-60062
Updated: 2026-07-15T15:37:13.973Z
No data.
No data.
OpenCVE Enrichment
No data.