CVE-2026-33032
Published 2026-03-30
Priority: P1 · 93 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Tags: ITW · Exploit · VulnCheck KEV · Initial access
Exploited in the wild
EPSS: 38.48% (98.4th percentile)
Nginx UI is a web user interface for the Nginx web server. In versions 2.3.5 and prior, the nginx-ui MCP (Model Context Protocol) integration exposes two HTTP endpoints: /mcp and /mcp_message. While /mcp requires both IP whitelisting and authentication (AuthRequired() middleware), the /mcp_message endpoint only applies IP whitelisting - and the default IP whitelist is empty, which the middleware treats as "allow all". This means any network attacker can invoke all MCP tools without authentication, including restarting nginx, creating/modifying/deleting nginx configuration files, and triggering automatic config reloads - achieving complete nginx service takeover. At time of publication, there are no publicly available patches.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| 0xjacky | nginx-ui | <= 2.3.5 | — |
| github.com | 0xjacky_nginx-ui | 0 – 1.99 | — |
| nginxui | nginx_ui | <= 2.3.5 | — |
Detection & IOCs (extracted from sources)
- Detect unauthenticated HTTP POST requests to the /mcp_message endpoint — no Authorization header present. This is the core exploit path for CVE-2026-33032.
- Alert on HTTP GET to /mcp followed shortly by HTTP POST to /mcp_message from the same source IP, especially without an Authorization header — this two-request sequence is the documented full-takeover attack pattern.
- Monitor for MCP tool invocations (e.g., nginxconfigadd, tools/call) via POST to /mcp_message without authentication, which indicates active exploitation.
- Insikt Group created a Nuclei template to detect CVE-2026-33032; use it to scan for exposed Nginx UI instances. Active exploitation was observed on honeypots starting April 1, 2026.
- Rapid7 InsightVM/Nexpose/Exposure Command unauthenticated checks for CVE-2026-33032 were released in the April 17 content update — deploy these checks to identify vulnerable Nginx UI instances.
- Flag Nginx UI instances running version 2.3.3 or earlier as vulnerable; the fix is present in version 2.3.4+. The vendor recommends updating to 2.3.6 to avoid version-range discrepancies.
- The /mcp endpoint requires both IP whitelisting AND authentication, but /mcp_message only requires IP whitelisting — the asymmetric middleware application is the root cause of the bypass.
- As a workaround (if patching is not immediately possible), add middleware.AuthRequired() to the /mcp_message endpoint, or change the IP allowlist default behavior from allow-all to deny-all.
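The middleware asymmetry described in the advisory and both listed workarounds, as an added Go example that is not nginx-ui's own code: it uses the standard library's net/http in place of gin, a hypothetical bearer-token check in place of the project's AuthRequired(), and constructed client addresses. With both flags false it reproduces the allow-all default and the missing auth on /mcp_message; each flag turns on one workaround.

```go
package main
import (
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
)

// ipAllowlist models the advisory's IP-whitelist middleware: with denyWhenEmpty=false
// an empty list means "allow all" (the vulnerable default), otherwise "deny all".
func ipAllowlist(allow []string, denyWhenEmpty bool, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if len(allow) == 0 && !denyWhenEmpty {
			next.ServeHTTP(w, r) // empty allowlist treated as allow-all
			return
		}
		host, _, _ := net.SplitHostPort(r.RemoteAddr) // RemoteAddr is host:port
		for _, a := range allow {
			if a == host {
				next.ServeHTTP(w, r)
				return
			}
		}
		http.Error(w, "forbidden", http.StatusForbidden)
	})
}

// authRequired stands in for AuthRequired(): a hypothetical bearer-token check,
// not the project's real session handling.
func authRequired(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Header.Get("Authorization") != "Bearer valid-token" {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// newRouter wires both endpoints; both flags false reproduces the reported
// asymmetry, and each flag enables one of the advisory's workarounds.
func newRouter(allow []string, authOnMessage, denyWhenEmpty bool) http.Handler {
	tools := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, "mcp tool invoked") // stands in for the MCP tool dispatcher
	})
	var msg http.Handler = tools // vulnerable wiring: no AuthRequired on /mcp_message
	if authOnMessage {
		msg = authRequired(tools)
	}
	mux := http.NewServeMux()
	mux.Handle("/mcp", ipAllowlist(allow, denyWhenEmpty, authRequired(tools)))
	mux.Handle("/mcp_message", ipAllowlist(allow, denyWhenEmpty, msg))
	return mux
}
// probe sends a request with no Authorization header from a constructed client IP.
func probe(h http.Handler, method, path, clientIP string) int {
	req := httptest.NewRequest(method, path, nil)
	req.RemoteAddr = clientIP + ":51234"
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	vuln := newRouter(nil, false, false) // empty allowlist, no auth on /mcp_message
	fmt.Println("vulnerable POST /mcp_message, no auth:", probe(vuln, "POST", "/mcp_message", "203.0.113.10"))
	fmt.Println("with AuthRequired on /mcp_message:", probe(newRouter(nil, true, false), "POST", "/mcp_message", "203.0.113.10"))
	fmt.Println("with deny-all empty allowlist:", probe(newRouter(nil, false, true), "POST", "/mcp_message", "203.0.113.10"))
}
```

Note that a populated allowlist alone still lets an allowlisted client reach the tools without credentials; only AuthRequired on /mcp_message closes the authentication gap.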
CVSS provenance
NVD (v3.1): 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
VulnCheck: 9.8 CRITICAL
OSV · 2026-04-02
nginx-ui's Unauthenticated MCP Endpoint Allows Remote Nginx Takeover in github.com/0xJacky/Nginx-UI
GHSA · 2026-03-30 · CVE-2026-33032 [CRITICAL] · CWE-306
nginx-ui's Unauthenticated MCP Endpoint Allows Remote Nginx Takeover
### Summary
The nginx-ui MCP (Model Context Protocol) integration exposes two HTTP endpoints: `/mcp` and `/mcp_message`. While `/mcp` requires both IP whitelisting and authentication (`AuthRequired()` middleware), the `/mcp_message` endpoint only applies IP whitelisting - and the default IP whitelist is empty, which the middleware treats as "allow all". This means any network attacker can invoke all MCP tools without authentication, including restarting nginx, creating/modifying/deleting nginx configuration files, and triggering automatic config reloads - achieving complete nginx service takeover.
### Details
#### Vulnerable Code
**`mcp/router.go:9-17` - Auth asymmetry between endpoints**
```go
func InitRouter(r *gin.
```
OSV · 2026-03-30 · CVE-2026-33032 [CRITICAL]
nginx-ui's Unauthenticated MCP Endpoint Allows Remote Nginx Takeover
VulnCheck · 2026 · CVSS 9.8 · CVE-2026-33032 [CRITICAL]
nginxui nginx_ui Missing Authentication for Critical Function
No detection rules found.
Nuclei · CVSS 9.8 · CVE-2026-33032 [CRITICAL]
Nginx UI - Broken Access Control
Network attackers can fully control nginx service, including config modification and service restart, leading to complete service takeover.
Template:
```yaml
id: CVE-2026-33032

info:
  name: Nginx UI - Broken Access Control
  author: DhiyaneshDk
  severity: critical
  description: |
    Network attackers can fully control nginx service, including config modification and service restart, leading to complete service takeover.
  impact: |
    An unauthenticated attacker with a valid MCP session ID can inject arbitrary nginx configurations, create reverse proxies for credential theft, and achieve remote code execution via nginx config primitives.
  remediation: Upgrade to nginx-ui v2.3.4 or later which adds AuthRequired() to /mcp_message.
  reference:
    - https://github.com/0xJacky/nginx-u
```
Rapid7 · blogs_rapid7 · 2026-05-29 · CVSS 7.8 · CVE-2026-0257 [HIGH]
Rapid7 Observed Exploitation of PAN-OS GlobalProtect Authentication Bypass Vulnerability (CVE-2026-0257)
## Overview
On May 13, 2026, Palo Alto Networks published a security advisory for CVE-2026-0257, a medium severity authentication bypass affecting PAN-OS and Prisma Access when a specific configuration is present. Successful exploitation of this vulnerability allows a remote unauthenticated attacker to successfully establish a VPN connection through the GlobalProtect gateway of an affected appliance.
Rapid7 MDR identified successful exploitation across numerous customers, however we did not observe any indication of successful lateral movement from the devices. The earliest date for observed exploitation was May 17, 2026. As of May 29, 2026, this vulnerability has been added to the CISA KEV.
While the assigned CVSSv4 score indicates a medium severity, due to the circumstances surroundin
Recorded Future · blogs_recorded_future · 2026-05-15 · CVSS 9.8 · CVE-2026-33032 [CRITICAL]
April 2026 CVE Landscape
## April 2026 CVE Landscape
In April 2026, Insikt Group® identified 37 high-impact vulnerabilities that should be prioritized for remediation, 35 of which had a Very Critical Recorded Future Risk Score. This represents a 19% increase from last month.
31 of the 37 were included in the US Cybersecurity and Infrastructure Security Agency (CISA)’s Known Exploited Vulnerabilities (KEV) catalog, and six were surfaced only through honeypot data. Those six CVEs associated with honeypots are available only to Recorded Future customers.
Those 37 vulnerabilities affected products from 23 vendors. Microsoft accounted for approximately 22%, while the remaining exposure was concentrated across a range of enterprise-facing vendors, particularly security and systems management tools, collaboration and
Rapid7 · blogs_rapid7 · 2026-05-14 · CVSS 7.2 · CVE-2026-0265 [HIGH]
CVE-2026-0265: Authentication Bypass in Palo Alto Networks PAN-OS
## Overview
On May 13, 2026, Palo Alto Networks published a security advisory for CVE-2026-0265, a signature verification vulnerability that facilitates authentication bypass on PAN-OS, the operating system that most Palo Alto Networks firewalls run. This vulnerability allows a remote unauthenticated attacker with network access to bypass authentication when Cloud Authentication Service (CAS) is enabled and attached to a login interface; the vulnerable configuration is non-default but common. CVE-2026-0265 affects PAN-OS on PA-Series and VM-Series firewalls, as well as Panorama (virtual and M-Series) appliances. Cloud NGFW and Prisma Access are not affected.
Palo Alto Networks assigned CVE-2026-0265 a “High” 7.2 CVSS score. The advisory states that the vulnerability’s severity scoring
Rapid7 · blogs_rapid7 · 2026-05-06 · CVSS 9.3 · CVE-2026-0300 [CRITICAL]
Critical Buffer Overflow in Palo Alto Networks PAN-OS User-ID Authentication Portal (CVE-2026-0300)
## Overview
On May 6, 2026, Palo Alto Networks published a security advisory for CVE-2026-0300, a critical unauthenticated buffer overflow vulnerability affecting PAN-OS PA-Series and VM-Series firewall appliances. Prisma Access, Cloud NGFW, and Panorama appliances are not affected by this vulnerability. The vulnerability carries a CVSSv4 score of 9.3 and has been confirmed as exploited in the wild by the vendor.
CVE-2026-0300 is a buffer overflow (CWE-787) in the User-ID™ Authentication Portal (also known as Captive Portal), a non-default PAN-OS feature used to map IP addresses to usernames. An unauthenticated remote attacker can exploit this vulnerability by sending specially crafted packets to a device with the Authentication Portal enabled, achieving arbitrary code execution with
Rapid7 · blogs_rapid7 · 2026-04-29 · CVSS 9.3 · CVE-2026-41940 [CRITICAL]
CVE-2026-41940: cPanel & WHM Authentication Bypass
## Overview
On April 28, 2026, cPanel issued a security update to fix a critical vulnerability affecting the cPanel & WHM and WP Squared products. In the cPanel release notes, the bug was described as "an issue with session loading and saving." CVE-2026-41940, the identifier subsequently assigned on April 29, 2026, has a CVSS score of 9.8 and allows unauthenticated remote attackers to bypass authentication and gain unauthorized administrative access to the affected systems. First-party cPanel & WHM and WP Squared vendor advisories are available.
cPanel & WHM is web hosting control panel software used to manage websites and servers. WHM provides root-level administration, while cPanel acts as the user-facing interface. Successful exploitation of CVE-2026-41940 grants an attacker control
Hackernews · blogs_hackernews · 2026-04-20 · CVE-2026-20184
⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More
## ⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More
Monday’s recap shows the same pattern in different places. A third-party tool becomes a way in, then leads to internal access. A trusted download path is briefly swapped to deliver malware. Browser extensions act normally while pulling data and running code. Even update channels are used to push payloads. It’s not breaking systems—it’s bending trust.
There’s also a shift in how attacks run. Slower check-ins, multi-stage payloads, and more code kept in memory. Attackers lean on real tools and normal workflows instead of custom builds. Some cas
Rapid7 · blogs_rapid7 · 2026-04-16 · CVSS 9.8 · CVE-2026-33032 [CRITICAL]
CVE-2026-33032: Nginx UI Missing MCP Authentication
## Overview
On March 30, 2026, a security advisory was published for a critical vulnerability affecting Nginx UI. Nginx UI is an open-source web interface to centralize the management of Nginx configurations and SSL certificates. The critical vulnerability, CVE-2026-33032, was reported in early March by Pluto Security researcher Yotam Perkal and subsequently patched on March 15, 2026. That same day, Pluto Security published a technical blog post with some vulnerability details.
CVE-2026-33032 is a missing authentication bug with a CVSS score of 9.8; as a result of missing authentication controls, an unauthenticated attacker can access a Model Context Protocol (MCP) server that can perform privileged operations on managed Nginx web servers. Systems are vulnerable in the default IP allo
Hackernews · blogs_hackernews · 2026-04-15 · CVSS 9.8 · CVE-2026-33032 [CRITICAL]
Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover
## Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover
A recently disclosed critical security flaw impacting nginx-ui, an open-source, web-based Nginx management tool, has come under active exploitation in the wild.
The vulnerability in question is CVE-2026-33032 (CVSS score: 9.8), an authentication bypass vulnerability that enables threat actors to seize control of the Nginx service. It has been codenamed MCPwn by Pluto Security.
"The nginx-ui MCP (Model Context Protocol) integration exposes two HTTP endpoints: /mcp and /mcp_message," according to an advisory released by nginx-ui maintainers l
Bleepingcomputer · blogs_bleepingcomputer · 2026-04-15 · CVSS 9.8 · CVE-2026-33032 [CRITICAL]
Critical Nginx UI auth bypass flaw now actively exploited in the wild
By Bill Toulas
A critical vulnerability in Nginx UI with Model Context Protocol (MCP) support is now being exploited in the wild for full server takeover without authentication.
The flaw, tracked as CVE-2026-33032, is caused by nginx-ui leaving the ‘/mcp_message’ endpoint unprotected, allowing remote attackers to invoke privileged MCP actions without credentials.
Because those actions involve writing and reloading nginx configuration files, a single unauthenticated request can modify server behavior and effectively take over the web server.
“[...] any network attacker can invoke all MCP tools without authentication, including restarting nginx, creating/modifying/deleting nginx configuration files, and triggering
Wiz · blogs_wiz · CVSS 9.4 · CVE-2026-33029 [CRITICAL]
CVE-2026-33029: Nginx UI vulnerability analysis and mitigation
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, an input validation vulnerability in the logrotate configuration allows an authenticated user to cause a complete Denial of Service (DoS). By submitting a negative integer for the rotation interval, the backend enters an infinite loop or an invalid state, rendering the web interface unresponsive. This issue has been patched in version 2.3.4.
Source: NVD
Score: 6.9
Published March 30, 2026
Severity MEDIUM
CNA Score 6.9
Affected Technologies
Nginx UI
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 18.7
Exploitation Probability (EPSS) 0
Wiz · blogs_wiz · CVSS 9.4 · CVE-2026-33028 [CRITICAL]
CVE-2026-33028: Nginx UI vulnerability analysis and mitigation
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui application is vulnerable to a Race Condition. Due to the complete absence of synchronization mechanisms (Mutex) and non-atomic file writes, concurrent requests lead to the severe corruption of the primary configuration file (app.ini). This vulnerability results in a persistent Denial of Service (DoS) and introduces a non-deterministic path for Remote Code Execution (RCE) through configuration cross-contamination. This issue has been patched in version 2.3.4.
Source: NVD
Score: 7.1
Published March 30, 2026
Severity HIGH
CNA Score 7.1
Affected Technologies
Nginx UI
Has Public Exploit Yes
Has CISA KEV Exploit No
C
Wiz · blogs_wiz · CVSS 9.8 · CVE-2026-27944 [CRITICAL]
CVE-2026-27944: Nginx UI vulnerability analysis and mitigation
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.3, the /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to download a full system backup containing sensitive data (user credentials, session tokens, SSL private keys, Nginx configurations) and decrypt it immediately. This issue has been patched in version 2.3.3.
Source: NVD
Score: 9.8
Published March 5, 2026
Severity CRITICAL
CNA Score 9.8
Affected Technologies
Nginx UI
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploita
Wiz · blogs_wiz · CVSS 9.4 · CVE-2026-33027 [CRITICAL]
CVE-2026-33027: Nginx UI vulnerability analysis and mitigation
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui configuration improperly handles URL-encoded traversal sequences. When specially crafted paths are supplied, the backend resolves them to the base Nginx configuration directory and executes the operation on the base directory (/etc/nginx). In particular, this allows an authenticated user to remove the entire /etc/nginx directory, resulting in a partial Denial of Service. This issue has been patched in version 2.3.4.
Source: NVD
Score: 6.9
Published March 30, 2026
Severity MEDIUM
CNA Score 6.9
Affected Technologies
Nginx UI
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Dat
Wiz · blogs_wiz · CVSS 9.4 · CVE-2026-33030 [CRITICAL]
CVE-2026-33030: Nginx UI vulnerability analysis and mitigation
Nginx UI is a web user interface for the Nginx web server. In versions 2.3.3 and prior, Nginx-UI contains an Insecure Direct Object Reference (IDOR) vulnerability that allows any authenticated user to access, modify, and delete resources belonging to other users. The application's base Model struct lacks a user_id field, and all resource endpoints perform queries by ID without verifying user ownership, enabling complete authorization bypass in multi-user environments. At time of publication, there are no publicly available patches.
Source: NVD
Score: 9.9
Published March 30, 2026
Severity CRITICAL
CNA Score 8.8
Affected Technologies
Nginx UI
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Da
Wiz · blogs_wiz · CVSS 9.4 · CVE-2026-33032 [CRITICAL]
CVE-2026-33032: Nginx UI vulnerability analysis and mitigation
Nginx UI is a web user interface for the Nginx web server. In versions 2.3.5 and prior, the nginx-ui MCP (Model Context Protocol) integration exposes two HTTP endpoints: /mcp and /mcp_message. While /mcp requires both IP whitelisting and authentication (AuthRequired() middleware), the /mcp_message endpoint only applies IP whitelisting - and the default IP whitelist is empty, which the middleware treats as "allow all". This means any network attacker can invoke all MCP tools without authentication, including restarting nginx, creating/modifying/deleting nginx configuration files, and triggering automatic config reloads - achieving complete nginx service takeover. At time of publication, there are no publicly available patc
Wiz · blogs_wiz · CVSS 9.4 · CVE-2026-33026 [CRITICAL]
CVE-2026-33026: Nginx UI vulnerability analysis and mitigation
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui backup restore mechanism allows attackers to tamper with encrypted backup archives and inject malicious configuration during restoration. This issue has been patched in version 2.3.4.
Source: NVD
Score: 9.4
Published March 30, 2026
Severity CRITICAL
CNA Score 9.4
Affected Technologies
Nginx UI
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:nginxui:nginx_ui
github.com/0xjacky/nginx-ui
Sources
GoLang · Severity CRITICAL · No Fix · Added at: Mar
Published 2026-03-30
Exploited in the wild