CVE-2026-33032
Nginx UI: Unauthenticated MCP Endpoint Allows Remote Nginx Takeover
Description
Nginx UI is a web user interface for the Nginx web server. In versions 2.3.5 and prior, the nginx-ui MCP (Model Context Protocol) integration exposes two HTTP endpoints: /mcp and /mcp_message. While /mcp requires both IP whitelisting and authentication (AuthRequired() middleware), the /mcp_message endpoint only applies IP whitelisting - and the default IP whitelist is empty, which the middleware treats as "allow all". This means any network attacker can invoke all MCP tools without authentication, including restarting nginx, creating/modifying/deleting nginx configuration files, and triggering automatic config reloads - achieving complete nginx service takeover. At time of publication, there are no publicly available patches.
INFO
Published Date: March 30, 2026, 6:16 p.m.
Last Modified: April 16, 2026, 10:16 p.m.
Remotely Exploitable: Yes
Source: [email protected]
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| 9.8 | CVSS 3.1 | CRITICAL | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | [email protected] |
| | CVSS 3.1 | CRITICAL | | | | MITRE-CVE |
Solution
- Implement authentication on the /mcp_message endpoint.
- Configure a restrictive IP whitelist for /mcp_message.
- Review and restrict access to the /mcp endpoint.
- Consider upgrading Nginx UI when patches are available.
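As an added example (not code from nginx-ui or the advisory; the function names, the CIDR whitelist format and the bearer-token scheme are assumptions), the fail-open whitelist semantics described above sit next to a hardened handler that applies the first two solution items: an IP whitelist that only narrows access, and authentication that is always required.

```go
package main

import (
	"crypto/subtle"
	"net"
	"net/http"
	"net/http/httptest"
)

// Constructed illustration of the flaw class in this advisory (assumed names, not
// nginx-ui's code). With failOpen set, an empty whitelist admits every caller.
func ipAllowed(whitelist []string, remoteIP string, failOpen bool) bool {
	if len(whitelist) == 0 {
		return failOpen
	}
	for _, entry := range whitelist {
		if _, cidr, err := net.ParseCIDR(entry); err == nil && cidr.Contains(net.ParseIP(remoteIP)) {
			return true
		}
	}
	return false
}

// Hardened shape: the whitelist only narrows access (empty means "no IP restriction",
// never a grant) and a bearer token is always required, so a default config is closed.
func mcpMessageHandler(whitelist []string, validToken string) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		host, _, err := net.SplitHostPort(r.RemoteAddr)
		if err != nil || (len(whitelist) > 0 && !ipAllowed(whitelist, host, false)) {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		if subtle.ConstantTimeCompare([]byte(r.Header.Get("Authorization")), []byte("Bearer "+validToken)) != 1 {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		w.WriteHeader(http.StatusOK) // MCP tool dispatch would follow here
	})
}

// probe returns the status the handler gives a POST to /mcp_message from remoteAddr;
// an empty token yields a bare "Bearer " header, i.e. an unauthenticated request.
func probe(h http.Handler, remoteAddr, token string) int {
	req := httptest.NewRequest(http.MethodPost, "/mcp_message", nil)
	req.RemoteAddr = remoteAddr
	req.Header.Set("Authorization", "Bearer "+token)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}
```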
Public PoC/Exploit Available at GitHub
CVE-2026-33032 has 9 public PoC/exploit repositories available on GitHub; they are listed in the public exploits section of this page.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2026-33032.
| URL | Resource |
|---|---|
| https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-h6c2-x2m2-mwhf | Exploit Mitigation Vendor Advisory |
| https://websec.net/blog/cve-2026-33032-unauthenticated-nginx-ui-mcp-takeover-69e1200f9fceb1f3fbe9c47f | |
CWE - Common Weakness Enumeration
While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2026-33032 is associated with CWE-306 (Missing Authentication for Critical Function).
Common Attack Pattern Enumeration and Classification (CAPEC)
CAPEC stores attack patterns: descriptions of the common attributes and approaches adversaries use to exploit the weaknesses behind CVE-2026-33032.
We scan GitHub repositories to detect new proof-of-concept exploits. The following is a list of public exploits and proof-of-concepts published on GitHub (sorted by most recently updated):
- (no description)
- One missing function call on the route registration was enough to turn the MCP interface into an unauthenticated RCE gateway.
- Docker Compose setup to demonstrate the nginx-ui missing authentication vulnerability.
- Non-destructive vulnerability scanner for Nginx-UI MCP Endpoint Authentication Bypass (CVE-2026-33032).
- Automated GitHub Actions workflow that fetches and updates the latest cybersecurity news every Tuesday and Thursday using RSS feeds.
- Cathedral-Grade Security for AI Agents. 23/23 attack vectors caught. Local-first, zero API cost. MIT licensed.
- (no description)
- 📡 PoC auto-collected from GitHub. ⚠️ Be careful: malware.
- Crawls secwiki and xuanwu.github.io/sec.today, analyses security information sites and security trends, and extracts security researchers' accounts (Twitter, WeChat, GitHub, etc.).
Results are limited to the first 15 repositories due to potential performance issues.
The following list contains news articles that mention the CVE-2026-33032 vulnerability anywhere in the article.
- SentinelOne: "The Good, the Bad and the Ugly in Cybersecurity – Week 16". The Good | U.S. Authorities Seize W3LL Phishing Ring & Jail DPRK IT Worker Scheme Facilitators. The FBI has dismantled the "W3LL" phishing platform, seized its infrastructure, and arrested its alleged ...
- The Cyber Express: "Critical nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover". A critical vulnerability identified as CVE-2026-33032 is drawing urgent attention from the cybersecurity community due to its role in enabling a full-scale Nginx server takeover. The flaw affects ngin ...
- Daily CyberSecurity: "Critical Hardcoded Credential Bug Hits Nexus Repository 3". In the world of DevSecOps, Sonatype Nexus Repository is a cornerstone for managing software artifacts and supply chain security. However, a recently disclosed vulnerability has revealed that the "vaul ...
- Daily CyberSecurity: "Critical 9.1 Bypass in OAuth2 Proxy Exposes Upstream Resources". In the world of cloud-native security, OAuth2 Proxy serves as a vital gatekeeper, providing a flexible and open-source way to protect web applications with OAuth2 and OIDC authentication. However, a n ...
- CybersecurityNews: "Nginx-ui Vulnerability Actively Exploited in Attack – Enables Full Server Takeover". A critical authentication bypass vulnerability in Nginx UI, tracked as CVE-2026-33032 with a maximum CVSS score of 9.8, is currently being actively exploited in the wild. This flaw allows unauthentica ...
- security.nl: "Critical vulnerability in Nginx UI - CVE-2026-33032". A critical vulnerability in Nginx UI makes it possible for attackers to remotely take over Nginx servers (that use Nginx UI). Nginx UI is a web-based management interface ...
- security.nl: "CISA reports active exploitation of Windows vulnerability". A vulnerability in Windows that allows an attacker who already has access to a system to elevate their privileges is being actively exploited, reports the Cybersecurity and Infrastructure Security Agency ...
- Daily CyberSecurity: "Cisco Patches Critical CVSS 9.9 RCE Flaws in Identity Services Engine". Cisco has issued a critical security advisory regarding its Identity Services Engine (ISE), warning of a pair of high-stakes vulnerabilities that could allow an attacker with even minimal access to se ...
- Daily CyberSecurity: "RedSun: New Windows Defender Zero-Day Turns Protector into Attacker, PoC Publishes". Just as the cybersecurity community began digesting the latest round of patches for the high-profile "BlueHammer" vulnerability, a new storm has appeared on the horizon. On April 16, 2026, the securit ...
- The Hacker News: "Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover". A recently disclosed critical security flaw impacting nginx-ui, an open-source, web-based Nginx management tool, has come under active exploitation in the wild. The vulnerability in question is CVE-20 ...
- Daily CyberSecurity: "Exploited in the Wild: Critical 9.3 CVSS Flaw Turns Tianxin Systems into Hacker Gateways". A critical security vulnerability, tracked as CVE-2021-4473, has been identified in the Tianxin Internet Behavior Management System. With a severe CVSS score of 9.3, this flaw allows unauthenticated a ...
- Daily CyberSecurity: "Critical Security Update: IBM Patches Multiple Vulnerabilities in Verify Identity and Access". IBM has released a comprehensive bulletin addressing a series of vulnerabilities within its Verify Identity Access and Security Verify Access product lines. The flaws range from low-impact redirection ...
- Daily CyberSecurity: "OpenSSL Issues Major Security Advisory: RSA and Memory Vulnerabilities Fixed". OpenSSL has released a comprehensive security advisory detailing seven vulnerabilities ranging from Moderate to Low severity. The report, dated April 7, 2026, highlights critical fixes for modern vers ...
- Daily CyberSecurity: "APT28 Hijacks Home Routers to Steal Corporate Credentials". In a major technical disclosure, the UK National Cyber Security Centre (NCSC) has detailed a sophisticated campaign by the Russian threat actor APT28 (also known as Fancy Bear or Forest Blizzard). The ...
- Daily CyberSecurity: "Budibase Patches Critical RCE and SSRF Vulnerabilities". Budibase, the popular open-source low-code platform used by engineers to rapidly build internal tools, has released urgent security patches to address two critical vulnerabilities. The flaws, which in ...
- Daily CyberSecurity: "10.0 CVSS Flaw in Kestra Grants Full Server Control". A critical security vulnerability has been unmasked in Kestra, the popular open-source, event-driven orchestration platform. The flaw, tracked as CVE-2026-34612, carries a maximum CVSS score of 10.0, ...
- Daily CyberSecurity: "Critical JWT Bypass in Convoy Panel Allows Full Account Takeover". A critical security vulnerability has been unmasked in Convoy, the modern KVM server management panel used by businesses to manage virtualized infrastructure. The flaw, tracked as CVE-2026-33746, carr ...
- Daily CyberSecurity: "Breaking the App Shell: Five New Electron Vulnerabilities Shatter Context Isolation". The Electron framework (the powerhouse behind heavyweights like Visual Studio Code and countless other cross-platform desktop applications) has released a series of important patches to address five si ...
- Daily CyberSecurity: "UAT-10608 Uses a Next.js "React2Shell" Flaw to Map Your Entire Cloud". NEXUS Listener victims list | Image: Cisco Talos. Cisco Talos has revealed a major automated credential harvesting campaign, tracked as UAT-10608, that has already compromised at least 766 hosts across ...
- Daily CyberSecurity: "Android Security Bulletin April 2026: Critical Framework Patch Targets "Zero-Interaction" DoS Vulnerability". Google has released its Android Security Bulletin for April 2026, delivering a suite of critical security fixes for the world's most popular mobile operating system. The update is divided into two dis ...
The following table lists the changes that have been made to the
CVE-2026-33032 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
- CVE Modified by af854a3a-2127-422b-91ae-364da2661108 (Apr. 16, 2026)

| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | | https://websec.net/blog/cve-2026-33032-unauthenticated-nginx-ui-mcp-takeover-69e1200f9fceb1f3fbe9c47f |

- Initial Analysis by [email protected] (Apr. 01, 2026)

| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | CPE Configuration | | OR `cpe:2.3:a:nginxui:nginx_ui:*:*:*:*:*:*:*:*` versions up to (including) 2.3.5 |
| Added | Reference Type | | GitHub, Inc.: https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-h6c2-x2m2-mwhf Types: Exploit, Mitigation, Vendor Advisory |
| Added | Reference Type | | CISA-ADP: https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-h6c2-x2m2-mwhf Types: Exploit, Mitigation, Vendor Advisory |

- CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Mar. 30, 2026)

| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | | https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-h6c2-x2m2-mwhf |

- New CVE Received by [email protected] (Mar. 30, 2026)

| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Description | | (identical to the description at the top of this page) |
| Added | CVSS V3.1 | | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Added | CWE | | CWE-306 |
| Added | Reference | | https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-h6c2-x2m2-mwhf |