Vulnerability in Nginx UI Web Interface for Nginx Server
CVE-2026-33032

9.8 CRITICAL

Key Information:

Vendor: 0xjacky
Status: Vendor
CVE Published: 30 March 2026

Badges

📈 Trended · 📈 Score: 1,590 · 👾 Exploit Exists · 🟡 Public PoC · 📰 News Worthy

What is CVE-2026-33032?

CVE-2026-33032 is a severe vulnerability in Nginx UI, the web interface for managing Nginx servers, affecting versions up to and including 2.3.5. The flaw lies in the Model Context Protocol (MCP) integration, which applies inconsistent access controls to its HTTP endpoints. The primary endpoint, /mcp, correctly requires both IP whitelisting and authentication, but the secondary endpoint, /mcp_message, enforces only the IP whitelist and no authentication. Because the default configuration leaves the IP whitelist empty, and an empty whitelist is treated as no restriction, the endpoint is effectively open to anyone who can reach it.

This flaw allows malicious actors on the same network to access critical MCP functionalities without needing authentication. Consequently, attackers could manipulate the Nginx server to restart services, modify configuration files, or trigger automatic reloads. The implications of this vulnerability are dire, as it could lead to a complete takeover of the Nginx service, endangering web applications and data managed by the server.
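
The access-control mistake described above is a fail-open allowlist on an endpoint that has no authentication check behind it. The following Go example is added here and is not nginx-ui's own code: it models a hypothetical management endpoint behind two middlewares, the weak pattern (allowlist only, and an empty allowlist means allow everyone) beside a hardened one (an empty allowlist denies by default, and a bearer token is always required as well). The names Policy, NewPolicy, WeakAllowlistOnly, Hardened and Probe, the bearer-token scheme, and the sample addresses are assumptions constructed for the example.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Policy is a hypothetical access-control policy for a management endpoint:
// an IP allowlist plus a shared bearer token. The type and field names are
// assumptions for this example, not nginx-ui's own code.
type Policy struct {
	AllowedCIDRs []*net.IPNet
	Token        string
}

// NewPolicy parses CIDR strings such as "203.0.113.0/24". A nil or empty
// list is kept as an empty allowlist so both middlewares can show how they
// treat that case.
func NewPolicy(cidrs []string, token string) (Policy, error) {
	p := Policy{Token: token}
	for _, c := range cidrs {
		_, n, err := net.ParseCIDR(c)
		if err != nil {
			return Policy{}, fmt.Errorf("bad CIDR %q: %w", c, err)
		}
		p.AllowedCIDRs = append(p.AllowedCIDRs, n)
	}
	return p, nil
}

// ipAllowed reports whether the client address is inside any allowed CIDR.
// With an empty allowlist it returns false, i.e. it fails closed.
func (p Policy) ipAllowed(r *http.Request) bool {
	host, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		host = r.RemoteAddr
	}
	ip := net.ParseIP(host)
	if ip == nil {
		return false
	}
	for _, n := range p.AllowedCIDRs {
		if n.Contains(ip) {
			return true
		}
	}
	return false
}

// tokenValid checks the Authorization: Bearer header in constant time.
func (p Policy) tokenValid(r *http.Request) bool {
	got := strings.TrimPrefix(r.Header.Get("Authorization"), "Bearer ")
	return p.Token != "" && subtle.ConstantTimeCompare([]byte(got), []byte(p.Token)) == 1
}

// WeakAllowlistOnly mirrors the flawed pattern the advisory describes: only
// the IP allowlist is checked, and an empty allowlist is read as "no
// restriction", so the default configuration lets any client through.
func WeakAllowlistOnly(p Policy, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if len(p.AllowedCIDRs) == 0 || p.ipAllowed(r) {
			next.ServeHTTP(w, r)
			return
		}
		http.Error(w, "forbidden", http.StatusForbidden)
	})
}

// Hardened is the corrected pattern: an empty allowlist denies everyone, and
// authentication is required on top of the network restriction, so both
// checks must pass before the request reaches the handler.
func Hardened(p Policy, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !p.ipAllowed(r) {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		if !p.tokenValid(r) {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// okHandler stands in for the protected MCP message endpoint.
var okHandler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
	w.WriteHeader(http.StatusOK)
})

// Probe sends one in-memory request from the given client address (with an
// optional bearer token) and returns the HTTP status, so the two policies can
// be compared without opening a network listener.
func Probe(h http.Handler, remoteAddr, token string) int {
	req := httptest.NewRequest(http.MethodPost, "/mcp_message", nil)
	req.RemoteAddr = remoteAddr
	if token != "" {
		req.Header.Set("Authorization", "Bearer "+token)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	// Constructed default-style configuration: empty allowlist, token set.
	empty, _ := NewPolicy(nil, "example-token")
	fmt.Println("weak, empty allowlist, no token:", Probe(WeakAllowlistOnly(empty, okHandler), "203.0.113.5:40000", ""))
	fmt.Println("hardened, empty allowlist, no token:", Probe(Hardened(empty, okHandler), "203.0.113.5:40000", ""))
}
```

Running the block shows the weak middleware returning 200 for an unauthenticated client when the allowlist is empty, while the hardened one returns 403; with a populated allowlist the hardened path still returns 401 until a valid token is presented. The design point is that an allowlist is a network-layer restriction, not a substitute for authentication, and an empty allowlist should mean "nobody" rather than "everybody".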

Potential impact of CVE-2026-33032

  1. Unauthorized Access and Control: Attackers can access the /mcp_message endpoint without authentication, allowing them to execute critical commands that can compromise the integrity and availability of the Nginx server.

  2. Configuration Manipulation: With this vulnerability, attackers can easily create, modify, or delete configuration files, leading to potential misconfigurations or complete service disruption.

  3. Service Disruption: The ability to restart the Nginx server and trigger configuration reloads can lead to downtime, affecting any applications dependent on the server, resulting in financial losses and reputational damage for organizations.

Affected Version(s)

nginx-ui <= 2.3.5

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which can lead to ransomware.

News Articles

Nginx-ui Vulnerability Actively Exploited in Attack – Enables Full Server Takeover - IT Security News

A critical authentication bypass vulnerability in Nginx UI, tracked as CVE-2026-33032 with a maximum CVSS score of 9.8, is currently being actively exploited in the wild. This flaw allows unauthenticated remote attackers to gain complete control over affected Nginx web…

2 weeks ago

Nginx-UI Flaw Actively Exploited to Enable Full Server Takeover - IT Security News

A severe vulnerability in nginx-ui, a widely used open-source web interface for managing Nginx servers, is currently being actively exploited in the wild. Tracked as CVE-2026-33032 with a maximum CVSS base score of 9.8, this critical flaw allows remote attackers…

2 weeks ago

Exploited Vulnerability Exposes Nginx Servers to Hacking

A critical Nginx UI vulnerability that allows attackers to take full control of servers has been exploited in the wild.

2 weeks ago

EPSS Score

9% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 📈 Vulnerability started trending
  • 📰 First article discovered by Infosecurity Magazine
  • 🟡 Public PoC available
  • 👾 Exploit known to exist
  • Vulnerability published
  • Vulnerability Reserved
