Critical nginx-ui Vulnerability CVE-2026-33032 Under Active Exploitation

Take action: Make sure your nginx-ui instances are isolated from the internet and accessible from trusted networks only. Then update nginx-ui to version 2.3.4 or later to patch CVE-2026-33032, and change the IP whitelist default from allow-all to deny-all so only trusted addresses can reach the management interface.


Learn More

nginx-ui, a popular open-source web interface for managing Nginx servers, contains a critical, actively exploited vulnerability that allows unauthenticated attackers to take over Nginx services.

The flaw is tracked as CVE-2026-33032 (CVSS score 9.8), an authentication bypass in the Model Context Protocol (MCP) integration of nginx-ui that allows unauthenticated users to run administrative tools. The flaw exists because the /mcp_message endpoint lacks the AuthRequired() middleware, while the IP whitelist defaults to an empty state that permits all incoming traffic. Attackers can use this to modify Nginx configurations, restart services, and intercept network traffic without providing any credentials.

While the initial connection endpoint /mcp requires authentication, the secondary /mcp_message endpoint, which processes actual tool commands, does not. An attacker first sends a GET request to /mcp to establish a session and receive a session ID. They then send a POST request to /mcp_message using that ID to run destructive MCP tools, bypassing the security controls intended for the web interface.
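The two-step request sequence described above leaves a recognizable trace in the web server's access log. The following Go program is an added example, not code from the page or from the nginx-ui project: it parses constructed Nginx combined-format log lines, flags every client that received a successful response to POST /mcp_message, and records whether that client first performed the GET /mcp session-establishment step. On an unpatched instance a successful /mcp_message call cannot be distinguished from legitimate authenticated use by the status code alone, so every flagged client is a candidate for review rather than a confirmed compromise.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// sampleLog is a constructed Nginx combined-format access log (not from the page).
// 198.51.100.7 follows the GET /mcp then POST /mcp_message sequence,
// 203.0.113.22 posts to /mcp_message directly, 192.0.2.10 is ordinary UI traffic.
const sampleLog = `198.51.100.7 - - [16/Mar/2026:10:01:02 +0000] "GET /mcp HTTP/1.1" 200 312 "-" "curl/8.5.0"
198.51.100.7 - - [16/Mar/2026:10:01:03 +0000] "POST /mcp_message?sessionId=abc123 HTTP/1.1" 200 87 "-" "curl/8.5.0"
192.0.2.10 - - [16/Mar/2026:10:02:00 +0000] "GET /login HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
192.0.2.10 - - [16/Mar/2026:10:02:05 +0000] "GET /api/sites HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.22 - - [16/Mar/2026:10:03:00 +0000] "POST /mcp_message HTTP/1.1" 200 87 "-" "python-requests/2.31"`

// lineRe captures client IP, timestamp, method, request target and status code
// from a combined-format line.
var lineRe = regexp.MustCompile(`^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})`)

// suspiciousClients returns every client IP that got a 200 for POST /mcp_message,
// mapped to whether the same IP sent GET /mcp earlier in the log.
func suspiciousClients(accessLog string) map[string]bool {
	seenMCP := map[string]bool{}
	flagged := map[string]bool{}
	for _, line := range strings.Split(accessLog, "\n") {
		m := lineRe.FindStringSubmatch(line)
		if m == nil {
			continue
		}
		ip, method, target, status := m[1], m[3], m[4], m[5]
		// Strip the query string so /mcp_message?sessionId=... matches the route.
		path := target
		if i := strings.IndexByte(path, '?'); i >= 0 {
			path = path[:i]
		}
		switch {
		case method == "GET" && path == "/mcp":
			seenMCP[ip] = true
		case method == "POST" && path == "/mcp_message" && status == "200":
			flagged[ip] = seenMCP[ip]
		}
	}
	return flagged
}

func main() {
	hits := suspiciousClients(sampleLog)
	ips := make([]string, 0, len(hits))
	for ip := range hits {
		ips = append(ips, ip)
	}
	sort.Strings(ips)
	for _, ip := range ips {
		fmt.Printf("%-16s successful POST /mcp_message, prior GET /mcp: %v\n", ip, hits[ip])
	}
}
```

Feed the real access log of any nginx-ui instance that was reachable before the upgrade through the same function; the query-string stripping matters because the session ID returned by /mcp is passed as a parameter on the second request.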

Security researchers at Pluto Security discovered the flaw, codenamed MCPwn. The vulnerability is currently under active exploitation, appearing on the VulnCheck Known Exploited Vulnerabilities (KEV) list and in reports from Recorded Future. Approximately 2,689 instances are exposed globally, with significant concentrations in China and the United States.

Successful exploitation grants complete control over the Nginx service and the traffic it manages. Attackers can steal existing configurations to map internal network topology or inject malicious server blocks to capture sensitive data. 

This flaw affects all nginx-ui versions prior to 2.3.4. The maintainers released a fix in version 2.3.4 on March 15, 2026, which adds the missing authentication middleware and regression tests. Organizations should update immediately or apply a workaround by manually adding middleware.AuthRequired() to the /mcp_message route in the source code. Additionally, administrators should change the IP whitelist default from allow-all to deny-all to prevent unauthorized access to the management backend.
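To make the two remediation points concrete, the following Go program is an added example using only the standard library; it is not nginx-ui code, and authRequired is a hypothetical stand-in for the project's middleware.AuthRequired() that checks a constructed bearer token rather than nginx-ui's real session scheme. It wires /mcp and /mcp_message the way the page describes the flaw (only /mcp protected), then the way the fix leaves them (both protected), and shows why an IP whitelist whose empty value means "allow all" must instead default to "deny all".

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
)

// demoToken is a constructed credential for the example only.
const demoToken = "demo-token-not-real"

// authRequired is a hypothetical stand-in for nginx-ui's middleware.AuthRequired():
// requests without the expected bearer token are rejected before reaching the tool.
func authRequired(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Header.Get("Authorization") != "Bearer "+demoToken {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// ipAllowed is the whitelist check. emptyMeansAllow=true reproduces the allow-all
// default the page describes; the hardened configuration passes false (deny-all).
func ipAllowed(allow []string, remoteAddr string, emptyMeansAllow bool) bool {
	host, _, err := net.SplitHostPort(remoteAddr)
	if err != nil {
		host = remoteAddr
	}
	if len(allow) == 0 {
		return emptyMeansAllow
	}
	for _, a := range allow {
		if a == host {
			return true
		}
	}
	return false
}

// newServer registers the two MCP routes. patched=false mirrors the flaw:
// /mcp carries the auth middleware, /mcp_message does not.
func newServer(patched bool, allow []string, emptyMeansAllow bool) http.Handler {
	tool := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintln(w, "tool executed")
	})
	mux := http.NewServeMux()
	mux.Handle("/mcp", authRequired(tool))
	if patched {
		mux.Handle("/mcp_message", authRequired(tool))
	} else {
		mux.Handle("/mcp_message", tool)
	}
	// The whitelist is evaluated first for every route.
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !ipAllowed(allow, r.RemoteAddr, emptyMeansAllow) {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		mux.ServeHTTP(w, r)
	})
}

// probe issues one in-memory request and returns the HTTP status code.
func probe(h http.Handler, method, path, token, remote string) int {
	req := httptest.NewRequest(method, path, nil)
	req.RemoteAddr = remote
	if token != "" {
		req.Header.Set("Authorization", "Bearer "+token)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	internet := "203.0.113.5:51000" // constructed untrusted client address
	vuln := newServer(false, nil, true)
	fixed := newServer(true, nil, true)
	denyAll := newServer(true, nil, false)
	fmt.Println("unpatched, no token, POST /mcp_message:", probe(vuln, "POST", "/mcp_message", "", internet))
	fmt.Println("patched, no token, POST /mcp_message:  ", probe(fixed, "POST", "/mcp_message", "", internet))
	fmt.Println("patched, token, POST /mcp_message:     ", probe(fixed, "POST", "/mcp_message", demoToken, internet))
	fmt.Println("deny-all whitelist, valid token:       ", probe(denyAll, "POST", "/mcp_message", demoToken, internet))
}
```

The whitelist wrapper sits outside the router on purpose: when the list is empty and the default is deny-all, even a request carrying valid credentials from an unlisted address is refused, which is the behaviour you want for a management interface that should never be reachable from the internet.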