CVE-2024-46256:
Nginx Proxy Manager vulnerability analysis and mitigation

A Command injection vulnerability in requestLetsEncryptSsl in NginxProxyManager 2.11.3 allows an attacker to RCE via Add Let's Encrypt Certificate.

Source: NVD

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2024-46256	CRITICAL	9.8	Nginx Proxy Manager	cpe:2.3:a:jc21:nginx_proxy_manager	No	Yes	Sep 27, 2024
CVE-2023-27224	CRITICAL	9.8	Nginx Proxy Manager	cpe:2.3:a:jc21:nginx_proxy_manager	No	Yes	Mar 22, 2023
CVE-2024-39935	HIGH	8.8	Nginx Proxy Manager	cpe:2.3:a:jc21:nginx_proxy_manager	No	Yes	Jul 04, 2024
CVE-2024-46257	MEDIUM	6.3	Nginx Proxy Manager	cpe:2.3:a:jc21:nginx_proxy_manager	No	Yes	Sep 27, 2024
CVE-2025-50579	MEDIUM	5.3	Nginx Proxy Manager	cpe:2.3:a:jc21:nginx_proxy_manager	No	No	Aug 19, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

A community-led vulnerabilities database

A threat intelligence database

A tenant isolation framework

Get a personalized demo

"Best User Experience I have ever seen, provides full visibility to cloud workloads."

David EstlickCISO

"Wiz provides a single pane of glass to see what is going on in our cloud environments."

Adam FletcherChief Security Officer

"We know that if Wiz identifies something as critical, it actually is."

Greg PoniatowskiHead of Threat and Vulnerability Management