A newly uncovered security vulnerability in nginx-ui, a popular open-source tool for managing Nginx servers, is being actively exploited, posing significant risks to users. Tracked as CVE-2026-33032, the flaw carries a CVSS score of 9.8, which rates it critical. It is an authentication bypass that allows attackers to gain control over Nginx services, and Pluto Security has named it ‘MCPwn’.
Details of the Vulnerability
The vulnerability arises from nginx-ui’s MCP integration, which exposes two HTTP endpoints: /mcp and /mcp_message. While the /mcp endpoint requires both IP whitelisting and authentication, the /mcp_message endpoint requires only IP whitelisting. Because the default IP whitelist is set to allow all, a default installation leaves /mcp_message open to unauthorized access.
Researcher Yotam Perkal from Pluto Security discovered that attackers can exploit this flaw with two simple HTTP requests. First, they send a GET request to the /mcp endpoint to establish a session and acquire a session ID. Then, using this session ID, they send a POST request to the /mcp_message endpoint, executing any MCP tool without needing authentication.
Impact and Exploitation
Exploiting this vulnerability can enable attackers to alter Nginx configurations, restart servers, and even intercept administrator credentials. The flaw was patched on March 15, 2026, in version 2.3.4. Users are advised to update immediately or implement workarounds such as enforcing authentication on the /mcp_message endpoint or altering the IP whitelist settings.
A report by Recorded Future highlights CVE-2026-33032 as one of the most exploited vulnerabilities in March 2026. Despite the patch, the exact scale of exploitation remains unclear.
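To check whether an instance saw the two-request pattern described above, the following added example (not code from Pluto Security or the nginx-ui project) scans access logs for accepted POSTs to /mcp_message from outside a management network and raises the severity when the same client also requested /mcp. It assumes a reverse proxy in front of nginx-ui writing combined-format logs; TRUSTED_NETS, WINDOW, the "sid" parameter and the sample lines are constructed.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Assumptions (not from the article): combined-format access log from a
# proxy in front of nginx-ui, and a constructed management network.
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]
WINDOW = timedelta(minutes=5)  # assumed max gap between the two requests
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) ')

def is_trusted(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # hostname or garbage in the client field
    return any(addr in net for net in TRUSTED_NETS)

def find_mcp_alerts(lines):
    """Flag accepted POSTs to /mcp_message from clients outside TRUSTED_NETS."""
    gets, posts = {}, []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or int(m["status"]) >= 400:
            continue  # unparsable line, or the request was rejected
        path = m["target"].split("?", 1)[0].rstrip("/")
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if m["method"] == "GET" and path == "/mcp":
            gets.setdefault(m["ip"], []).append(ts)
        elif m["method"] == "POST" and path == "/mcp_message" and not is_trusted(m["ip"]):
            posts.append((m["ip"], ts))
    alerts = []
    for ip, ts in posts:
        # A streaming GET may be logged only when it ends, i.e. after the
        # POST, so pair the two requests in either order.
        paired = any(abs(ts - g) <= WINDOW for g in gets.get(ip, []))
        alerts.append({"ip": ip, "time": ts.isoformat(),
                       "severity": "high" if paired else "medium"})
    return alerts

# Constructed sample lines: documentation addresses, placeholder "sid" parameter.
SAMPLE_LOG = [
    '10.20.0.7 - - [20/Mar/2026:09:00:01 +0000] "POST /mcp_message?sid=EXAMPLE HTTP/1.1" 200 0 "-" "-"',
    '203.0.113.50 - - [20/Mar/2026:09:15:02 +0000] "POST /mcp_message?sid=EXAMPLE HTTP/1.1" 200 0 "-" "-"',
    '203.0.113.50 - - [20/Mar/2026:09:16:30 +0000] "GET /mcp HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.9 - - [20/Mar/2026:10:02:11 +0000] "POST /mcp_message HTTP/1.1" 200 0 "-" "-"',
    '192.0.2.33 - - [20/Mar/2026:10:05:00 +0000] "POST /mcp_message HTTP/1.1" 403 0 "-" "-"',
]
print(find_mcp_alerts(SAMPLE_LOG))
```

Any alert on a version earlier than 2.3.4 is a reason to review the Nginx configuration and rotate administrator credentials, since those are the impacts listed above.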
Recommendations and Future Outlook
Data from Shodan indicates that about 2,689 nginx-ui instances are exposed online, predominantly in China, the U.S., Indonesia, Germany, and Hong Kong. Organizations using nginx-ui should urgently update to version 2.3.4 or disable MCP functionality as a temporary measure.
This issue follows the detection of other vulnerabilities in the Atlassian MCP server, emphasizing the need for heightened vigilance in network security. The swift action to address these flaws is crucial to prevent unauthorized access and potential data breaches.
The discovery of such vulnerabilities underscores the importance of maintaining up-to-date software and implementing robust security measures to protect against emerging threats.
