A serious vulnerability in Nginx UI, identified as CVE-2026-33032 with a CVSS score of 9.8, is currently under active exploitation. This flaw allows remote attackers to bypass authentication and take full control of affected Nginx web servers.
Discovery and Nature of the Vulnerability
The vulnerability was uncovered by cybersecurity specialists at Pluto Security. It arises from the absence of a crucial function call in the Model Context Protocol (MCP) integration of Nginx UI. The integration is central to web server management, and Shodan searches identify over 2,600 exposed instances, so the flaw poses a significant risk to organizations.
The flaw is located in the MCP integration of Nginx UI, an interface widely used for managing Nginx configurations. The integration exposes two HTTP endpoints, /mcp and /mcp_message. While the /mcp endpoint enforces IP whitelisting and authentication, the /mcp_message endpoint performs no authentication at all.
Implications of the Vulnerability
The default fail-open design of the IP whitelist exacerbates the issue, as it treats an empty list as allowing all traffic. This oversight allows attackers to make direct HTTP POST requests to /mcp_message, gaining administrative access without authentication. Attackers can thus invoke any of the 12 MCP tools.
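The fail-open behaviour described above is a design decision rather than a parsing mistake, and the remedy is to state explicitly what an empty list means. The following Go program is an added illustration written for this article, not code from the Nginx UI project; the Allowlist type, the FailOpen and FailClosed modes and the ProbeStatus helper are assumptions made for the example. It places an allowlist that admits everyone when empty (the reported behaviour) beside one that denies everyone until an administrator populates it, and wraps both around an HTTP handler.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"net/netip"
)

// Mode fixes what an empty allowlist means (names are assumptions for this example).
type Mode int

const (
	FailOpen   Mode = iota // empty list admits every client: the behaviour described in the article
	FailClosed             // empty list admits nobody until an administrator populates it
)

// Allowlist holds the IPs and CIDR prefixes of trusted administrators.
type Allowlist struct {
	prefixes []netip.Prefix
	mode     Mode
}

// NewAllowlist parses entries such as "10.0.0.5" or "192.0.2.0/24"; a bad entry is an error, not silently ignored.
func NewAllowlist(entries []string, mode Mode) (*Allowlist, error) {
	al := &Allowlist{mode: mode}
	for _, e := range entries {
		if p, err := netip.ParsePrefix(e); err == nil {
			al.prefixes = append(al.prefixes, p)
			continue
		}
		a, err := netip.ParseAddr(e)
		if err != nil {
			return nil, fmt.Errorf("allowlist entry %q: %w", e, err)
		}
		al.prefixes = append(al.prefixes, netip.PrefixFrom(a, a.BitLen()))
	}
	return al, nil
}

// Allowed reports whether a client address may reach the protected endpoint.
func (al *Allowlist) Allowed(clientIP string) bool {
	if len(al.prefixes) == 0 {
		return al.mode == FailOpen // the only line that differs between the two designs
	}
	addr, err := netip.ParseAddr(clientIP)
	if err != nil {
		return false // an unparseable remote address is denied, never assumed trusted
	}
	for _, p := range al.prefixes {
		if p.Contains(addr) {
			return true
		}
	}
	return false
}

// Protect wraps h so that requests from addresses outside the allowlist receive 403.
func (al *Allowlist) Protect(h http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		host, _, err := net.SplitHostPort(r.RemoteAddr)
		if err != nil {
			host = r.RemoteAddr
		}
		if !al.Allowed(host) {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		h.ServeHTTP(w, r)
	})
}

// ProbeStatus sends one in-memory POST to /mcp_message from remoteAddr and returns the status code.
func ProbeStatus(al *Allowlist, remoteAddr string) int {
	ok := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) })
	req := httptest.NewRequest(http.MethodPost, "/mcp_message", nil)
	req.RemoteAddr = remoteAddr
	rec := httptest.NewRecorder()
	al.Protect(ok).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	for _, mode := range []Mode{FailOpen, FailClosed} {
		al, _ := NewAllowlist(nil, mode)
		fmt.Printf("empty list, mode %d: 203.0.113.7 allowed=%v\n", mode, al.Allowed("203.0.113.7"))
	}
	al, _ := NewAllowlist([]string{"10.0.0.5", "192.0.2.0/24"}, FailClosed)
	fmt.Println("admin 10.0.0.5 status:", ProbeStatus(al, "10.0.0.5:5000"))
	fmt.Println("stranger 203.0.113.7 status:", ProbeStatus(al, "203.0.113.7:5000"))
}
```

With an empty list the FailOpen instance answers 200 to anyone and the FailClosed instance answers 403 to everyone; the difference is one comparison in Allowed, which is why the choice of default deserves a deliberate decision and a test rather than being left to whatever the zero value happens to do.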
These tools can manage the core Nginx server, leading to severe consequences. Attackers may completely take over services, intercept traffic, harvest credentials, and disrupt services by manipulating configurations. Unauthorized access to sensitive configuration files is also a risk.
Active Threats and Mitigation
The threat is not hypothetical, as a proof-of-concept exploit is publicly available, and active exploitation has been confirmed. VulnCheck and Recorded Future have listed CVE-2026-33032 among known exploited vulnerabilities, highlighting its high impact potential.
To mitigate this issue, security experts advise updating immediately to Nginx UI version 2.3.4 or later, which adds the missing authentication check on /mcp_message. If an immediate update is not feasible, disabling the MCP feature is recommended to eliminate exposure. Additionally, configuring the IP whitelist to include only trusted administrators enhances security.
To further safeguard against potential breaches, organizations should review Nginx access logs and configuration directories to detect unauthorized changes.
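One concrete way to carry out the access-log review above, as an added example that is not part of the original article or of Nginx UI: a Go scanner over Nginx combined-format access log lines that reports every request to /mcp or /mcp_message from an address that is not a known administrator. The log lines, the trusted-address list and the function names are constructed for the example; an unauthenticated endpoint leaves no login event behind, so the request line itself is the record to search.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// Hit is one request to an MCP endpoint that deserves a closer look.
type Hit struct {
	IP     string
	Time   string
	Method string
	Path   string
	Status int
}

// combinedLine captures client IP, timestamp, method, request URI and status from the
// default Nginx "combined" log format; anything else is left unmatched.
var combinedLine = regexp.MustCompile(`^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})`)

// mcpPaths are the two endpoints named in the article.
var mcpPaths = map[string]bool{"/mcp": true, "/mcp_message": true}

// ScanAccessLog returns every request to an MCP endpoint whose source is not in trusted.
// The reported exploitation path is a POST to /mcp_message, but any method from an
// unknown source is reported so that probing is visible too.
func ScanAccessLog(lines []string, trusted map[string]bool) []Hit {
	var hits []Hit
	for _, line := range lines {
		m := combinedLine.FindStringSubmatch(line)
		if m == nil {
			continue // not a combined-format line: skip rather than guess at its fields
		}
		path := strings.SplitN(m[4], "?", 2)[0] // drop any query string before matching
		if !mcpPaths[path] || trusted[m[1]] {
			continue
		}
		status, _ := strconv.Atoi(m[5]) // the regexp already guarantees three digits
		hits = append(hits, Hit{IP: m[1], Time: m[2], Method: m[3], Path: path, Status: status})
	}
	return hits
}

// CountBySource aggregates hits per client address so the noisiest sources surface first.
func CountBySource(hits []Hit) map[string]int {
	counts := make(map[string]int)
	for _, h := range hits {
		counts[h.IP]++
	}
	return counts
}

// SampleLog is constructed for this example; 10.0.0.5 plays the trusted administrator.
var SampleLog = []string{
	`10.0.0.5 - - [12/Mar/2026:10:14:55 +0000] "GET /login HTTP/1.1" 200 1843 "-" "Mozilla/5.0"`,
	`203.0.113.7 - - [12/Mar/2026:10:15:01 +0000] "POST /mcp_message HTTP/1.1" 200 512 "-" "curl/8.4.0"`,
	`10.0.0.5 - - [12/Mar/2026:10:15:09 +0000] "POST /mcp_message HTTP/1.1" 200 512 "-" "Mozilla/5.0"`,
	`203.0.113.7 - - [12/Mar/2026:10:15:12 +0000] "POST /mcp_message?x=1 HTTP/1.1" 200 640 "-" "curl/8.4.0"`,
	`198.51.100.9 - - [12/Mar/2026:10:16:40 +0000] "POST /mcp HTTP/1.1" 401 0 "-" "python-requests/2.31"`,
	`this line is not in combined format and must be skipped`,
}

func main() {
	trusted := map[string]bool{"10.0.0.5": true}
	hits := ScanAccessLog(SampleLog, trusted)
	for _, h := range hits {
		fmt.Printf("%s %s %s %s -> %d\n", h.Time, h.IP, h.Method, h.Path, h.Status)
	}
	for ip, n := range CountBySource(hits) {
		fmt.Printf("%s: %d request(s) to MCP endpoints\n", ip, n)
	}
}
```

Run against the constructed sample it reports three requests, two from 203.0.113.7 and one from 198.51.100.9, while the administrator's own POST and the unrelated login are left alone. A 200 on /mcp_message from an unknown address is the signal to follow up with the configuration-directory review the article recommends, since a successful call may have changed files that the log itself does not show.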
