| Summary | Incorrect access control in the "Let's Encrypt" certificate download endpoint of Nginx Proxy Manager v2.14.0 allows authenticated attackers to obtain the TLS private key material via a crafted GET request. |
|---|---|
| Publication Date | June 16, 2026, 5:16 a.m. |
| Registration Date | June 17, 2026, 4:13 a.m. |
| Last Update | June 17, 2026, 12:49 a.m. |