Nginx-ui Vulnerability Actively Exploited: Server Attack Enables
Active exploitation is underway for a critical authentication bypass vulnerability found in Nginx UI. Tracked as CVE-2026-33032, the flaw carries a maximum CVSS score of 9.8.
This flaw allows unauthenticated remote attackers to gain complete control over affected Nginx web servers.
Cybersecurity researchers from Pluto Security discovered the vulnerability, which stems from a single missing function call in the application’s Model Context Protocol (MCP) integration.
With over 2,600 publicly exposed instances identified on Shodan, the risk to organizations relying on Nginx UI for web server management is severe.

Nginx-ui Vulnerability Actively Exploited
The vulnerability exists within the MCP integration of Nginx UI, a popular web-based interface for managing Nginx configurations.
The application uses two HTTP endpoints for its MCP functionality: /mcp and /mcp_message.
While the /mcp endpoint correctly enforces both IP whitelisting and authentication, the /mcp_message endpoint lacks the necessary authentication middleware entirely.
Furthermore, the IP whitelist mechanism features a fail-open design. By default, the whitelist is completely empty, which the system interprets as allowing all traffic.
This combination of missing authentication and a permissive default configuration means that any attacker on the network can send direct HTTP POST requests to the /mcp_message endpoint and invoke administrative tools without needing a password, token, or session cookie.
An unauthenticated attacker can exploit this flaw to execute any of the 12 available MCP tools.
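To make the two weaknesses concrete for defenders, here is an added Go example that is not Nginx UI's own code: it models the routing layout the article describes (authentication on /mcp only, an allowlist that admits everyone when empty) beside a hardened layout where both endpoints require authentication and an empty allowlist fails closed. The handler names, the bearer-token check, `demoToken` and the sample addresses are all constructed for illustration.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
)

// Constructed demo credential; a real deployment validates a session or JWT.
const demoToken = "demo-admin-token"

func contains(list []string, ip string) bool {
	for _, a := range list {
		if a == ip {
			return true
		}
	}
	return false
}

// remoteIP strips the port from r.RemoteAddr ("10.0.0.5:41234" -> "10.0.0.5").
func remoteIP(r *http.Request) string {
	host, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		return r.RemoteAddr
	}
	return host
}

// ipGate wraps next with an allowlist check. failOpen=true reproduces the
// behaviour the article describes (an empty list admits everyone);
// failOpen=false is the fail-closed variant (an empty list admits no one).
func ipGate(allow []string, failOpen bool, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if len(allow) == 0 {
			if !failOpen {
				http.Error(w, "forbidden: allowlist empty", http.StatusForbidden)
				return
			}
		} else if !contains(allow, remoteIP(r)) {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// authGate rejects any request that does not carry the expected bearer token.
func authGate(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Header.Get("Authorization") != "Bearer "+demoToken {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// tool stands in for an MCP tool that changes server state.
var tool = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
	fmt.Fprintln(w, "config written and nginx reloaded")
})

// vulnerableMux mirrors the flawed layout: /mcp has both gates, while
// /mcp_message has only the fail-open allowlist, which defaults to empty.
func vulnerableMux() *http.ServeMux {
	mux := http.NewServeMux()
	var allow []string // default configuration: nothing listed
	mux.Handle("/mcp", ipGate(allow, true, authGate(tool)))
	mux.Handle("/mcp_message", ipGate(allow, true, tool))
	return mux
}

// hardenedMux applies authentication to both endpoints and fails closed.
func hardenedMux(allow []string) *http.ServeMux {
	mux := http.NewServeMux()
	mux.Handle("/mcp", ipGate(allow, false, authGate(tool)))
	mux.Handle("/mcp_message", ipGate(allow, false, authGate(tool)))
	return mux
}

// probe sends one POST from the given source address and returns the status code.
func probe(h http.Handler, path, token, ip string) int {
	req := httptest.NewRequest(http.MethodPost, path, nil)
	req.RemoteAddr = ip + ":40000"
	if token != "" {
		req.Header.Set("Authorization", "Bearer "+token)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	admin := []string{"10.0.0.5"}
	fmt.Println("vulnerable /mcp_message, no token, outsider:", probe(vulnerableMux(), "/mcp_message", "", "203.0.113.9"))
	fmt.Println("hardened   /mcp_message, no token, outsider:", probe(hardenedMux(admin), "/mcp_message", "", "203.0.113.9"))
	fmt.Println("hardened   /mcp_message, token, admin:      ", probe(hardenedMux(admin), "/mcp_message", demoToken, "10.0.0.5"))
}
```

The point the two routers make is that the fix has two parts: the authentication middleware has to sit on every MCP route, and the allowlist has to deny by default, because a permissive default turns any future missing middleware into an unauthenticated endpoint again.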

Because these tools are designed to manage the underlying Nginx server, the consequences of unauthorized access are devastating.
The most critical impacts and attacker capabilities include:
- Complete Service Takeover: Attackers can use tools like nginx_config_add to create or modify configuration files, which automatically triggers an immediate server reload.
- Traffic Interception: By rewriting server blocks, threat actors can proxy all traffic through an attacker-controlled endpoint to capture credentials, session tokens, and sensitive data in transit.
- Credential Harvesting: Attackers can inject custom logging directives to capture authorization headers from administrators accessing Nginx UI.
- Configuration Exfiltration: Read-only tools allow attackers to read all existing configuration files, exposing backend topologies and TLS certificate paths.
- Service Disruption: Writing an invalid configuration and forcing a reload can take the entire Nginx server offline.
Active Exploitation and Scope
The threat is not theoretical: a public proof-of-concept exploit is circulating, and active exploitation has been confirmed by Pluto Security.
VulnCheck has added CVE-2026-33032 to its Known Exploited Vulnerabilities (KEV) list, while Recorded Future’s Insikt Group identified it as a high-impact flaw actively leveraged by threat actors.
The public release of exploit code on GitHub advisories significantly lowers the barrier to entry, enabling even low-skilled attackers to exploit unpatched systems.
Organizations running Nginx UI must take immediate action to secure their infrastructure.
Security experts recommend the following mitigation strategies:
- Update immediately to Nginx UI version 2.3.4 or later, which patches the vulnerability by adding the missing authentication middleware to the /mcp_message endpoint.
- If patching is not immediately possible, disable the MCP feature entirely to remove the attack surface.
- Restrict the IP whitelist to trusted administrator IP addresses rather than leaving it empty, ensuring a fail-closed security posture.
- Review all Nginx access logs and configuration directories for unauthorized changes or unfamiliar files that may indicate a compromise.
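The last recommendation, reviewing access logs, can be scripted. The following Go example is added here and is not part of the article or of Nginx UI: it parses nginx combined-format log lines, picks out traffic to the two MCP endpoints, and reports every request from an address outside a trusted list plus every successful /mcp_message call, since before the patch that endpoint answered without authentication. The log lines, the trusted address and the reason strings are constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// Constructed sample access log in nginx "combined" format (not real traffic).
// 10.0.0.5 is the administrator's workstation; the other addresses are outsiders.
const sampleLog = `10.0.0.5 - - [20/Mar/2026:10:01:02 +0000] "GET /api/settings HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [20/Mar/2026:10:02:10 +0000] "POST /mcp_message HTTP/1.1" 200 87 "-" "python-requests/2.31"
203.0.113.9 - - [20/Mar/2026:10:02:11 +0000] "POST /mcp_message HTTP/1.1" 200 87 "-" "python-requests/2.31"
10.0.0.5 - - [20/Mar/2026:10:03:00 +0000] "POST /mcp HTTP/1.1" 401 21 "-" "curl/8.0"
198.51.100.7 - - [20/Mar/2026:10:04:30 +0000] "POST /mcp HTTP/1.1" 200 87 "-" "curl/8.0"
`

// lineRE captures client IP, timestamp, method, path and status from one combined-format line.
var lineRE = regexp.MustCompile(`^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})`)

// Finding is one access-log line that deserves a closer look.
type Finding struct {
	IP, Time, Method, Path, Reason string
	Status                         int
}

func isTrusted(ip string, trusted []string) bool {
	for _, t := range trusted {
		if t == ip {
			return true
		}
	}
	return false
}

// reviewMCPAccess scans the log for traffic to /mcp and /mcp_message and returns
// every request from an untrusted address, plus every 2xx response on
// /mcp_message (the endpoint that answered without authentication pre-patch).
func reviewMCPAccess(log string, trusted []string) []Finding {
	var out []Finding
	for _, line := range strings.Split(log, "\n") {
		m := lineRE.FindStringSubmatch(line)
		if m == nil {
			continue
		}
		ip, ts, method, path := m[1], m[2], m[3], m[4]
		if path != "/mcp" && path != "/mcp_message" {
			continue
		}
		status, _ := strconv.Atoi(m[5])
		var reason string
		switch {
		case !isTrusted(ip, trusted):
			reason = "MCP endpoint reached from an address outside the trusted list"
		case path == "/mcp_message" && status >= 200 && status < 300:
			reason = "successful /mcp_message call; confirm it was authenticated"
		default:
			continue
		}
		out = append(out, Finding{IP: ip, Time: ts, Method: method, Path: path, Status: status, Reason: reason})
	}
	return out
}

// countByIP summarises findings per source address so repeat sources stand out.
func countByIP(fs []Finding) map[string]int {
	counts := map[string]int{}
	for _, f := range fs {
		counts[f.IP]++
	}
	return counts
}

func main() {
	findings := reviewMCPAccess(sampleLog, []string{"10.0.0.5"})
	for _, f := range findings {
		fmt.Printf("%s %-13s %s %-13s %d  %s\n", f.Time, f.IP, f.Method, f.Path, f.Status, f.Reason)
	}
	for ip, n := range countByIP(findings) {
		fmt.Printf("%s: %d flagged request(s)\n", ip, n)
	}
}
```

Any hit on /mcp_message with a 2xx status from before the patch date should be paired with a review of the configuration directory, since a successful call is exactly what a configuration write through the MCP tools would look like in the access log.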