Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover

2026-04-15

1 min read

by info@thehackernews.com (The Hacker News)

Read Original

Get the latest tech trends every morning

Receive daily AI-curated summaries of engineering articles from top tech companies worldwide.

Endigest AI Core Summary

CVE-2026-33032 is a critical authentication bypass vulnerability in nginx-ui that allows attackers to achieve complete Nginx service takeover through unauthenticated access to the /mcp_message endpoint.

•The vulnerability exists because the /mcp endpoint requires authentication and IP whitelisting, but /mcp_message only requires IP whitelisting with an empty default whitelist (treated as 'allow all').
•Attackers can establish a session and invoke MCP tools without authentication, including restarting nginx, modifying configuration files, and triggering automatic reloads.
•The attack chain uses CVE-2026-27944 to extract encryption keys and the node_secret credential needed to authenticate with the MCP interface.
•The flaw was patched in version 2.3.4 released on March 15, 2026, with approximately 2,689 exposed instances identified via Shodan.

Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover

Get the latest tech trends every morning

Endigest AI Core Summary

Related Articles

CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines

SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files

Take Control: Customer-Managed Keys for Lakebase Postgres

⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More