Ethical Hacking News
A critical security flaw in nginx-ui has been exposed, compromising the security of web-based Nginx management tools. The vulnerability, identified as CVE-2026-33032 and codenamed MCPwn by Pluto Security, is an authentication bypass flaw that enables threat actors to seize control of the Nginx service. Organizations running nginx-ui are advised to update immediately or take interim measures to secure their systems.
A critical security flaw in nginx-ui has been exposed, compromising web-based Nginx management tools.
The vulnerability, CVE-2026-33032, is an authentication bypass flaw that enables threat actors to seize control of the Nginx service.
The nginx-ui MCP integration exposes a vulnerable endpoint that can be invoked without authentication, allowing attackers to access and modify Nginx configuration files.
Successful exploitation of the flaw could enable attackers to intercept all traffic, harvest administrator credentials, and even take control of the server in seconds.
A patch has been released (version 2.3.4) and recommended workarounds are available to mitigate the vulnerability.
In a recent revelation, a critical security flaw in nginx-ui has been exposed, compromising the security of web-based Nginx management tools. The vulnerability, identified as CVE-2026-33032 and codenamed MCPwn by Pluto Security, is an authentication bypass flaw that enables threat actors to seize control of the Nginx service.
The nginx-ui MCP (Model Context Protocol) integration exposes two HTTP endpoints: /mcp and /mcp_message. While /mcp requires both IP whitelisting and authentication, the /mcp_message endpoint only applies IP whitelisting, with a default IP whitelist that is treated as 'allow all' by the middleware. This means any network attacker can invoke all MCP tools without authentication, including restarting Nginx, creating/modifying/deleting Nginx configuration files, and triggering automatic config reloads.
According to Pluto Security researcher Yotam Perkal, who identified and reported the flaw, the attack can facilitate a full takeover in seconds via two requests. The first request is an HTTP GET request to the /mcp endpoint, establishing a session and obtaining a session ID. The second request is an HTTP POST request to the /mcp_message endpoint using the session ID, invoking any MCP tool sans authentication.
Successful exploitation of the flaw could enable attackers to invoke MCP tools, modify Nginx configuration files, and reload the server. Furthermore, an attacker could exploit this loophole to intercept all traffic and harvest administrator credentials.
Following responsible disclosure, the vulnerability was addressed in version 2.3.4, released on March 15, 2026. As a workaround, users are advised to add "middleware.AuthRequired()" to the "/mcp_message" endpoint to force authentication. Alternatively, it's recommended to change the IP allowlisting default behavior from 'allow-all' to 'deny-all'.
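The missing check on /mcp_message and the two workarounds above can be modelled in a short Go program. This is an added illustration, not nginx-ui's code: the chain type, its fields, the probe helper, the bearer token and the client addresses are constructed, and the default allowlist is assumed to be an empty list.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
)

// chain models the /mcp_message middleware stack (names are hypothetical).
type chain struct {
	allowed        []string // IP allowlist; empty is assumed to be the default
	emptyAllowsAll bool     // true: empty list admits everyone (fail-open)
	authRequired   bool     // true: auth layer sits in front of the tools
}

func (c chain) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	host, _, _ := net.SplitHostPort(r.RemoteAddr)
	ipOK := len(c.allowed) == 0 && c.emptyAllowsAll
	for _, a := range c.allowed {
		ipOK = ipOK || a == host
	}
	switch {
	case !ipOK:
		w.WriteHeader(http.StatusForbidden)
	case c.authRequired && r.Header.Get("Authorization") != "Bearer constructed-token":
		w.WriteHeader(http.StatusUnauthorized)
	default:
		w.WriteHeader(http.StatusOK) // placeholder for an MCP tool call
	}
}

// probe sends one POST from remote (ip:port) and returns the status code.
func probe(c chain, remote, token string) int {
	r := httptest.NewRequest(http.MethodPost, "/mcp_message", nil)
	r.RemoteAddr = remote
	r.Header.Set("Authorization", "Bearer "+token)
	w := httptest.NewRecorder()
	c.ServeHTTP(w, r)
	return w.Code
}

func main() {
	src := "203.0.113.9:4444" // constructed client address
	fmt.Println(probe(chain{emptyAllowsAll: true}, src, ""))                     // 200
	fmt.Println(probe(chain{emptyAllowsAll: true, authRequired: true}, src, "")) // 401
	fmt.Println(probe(chain{}, src, ""))                                         // 403
}
```

In this model, switching the empty list to deny-all without adding the auth layer still answers 200 to any allowlisted address that sends no token, so the two workarounds are strongest when combined.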
The disclosure comes as Recorded Future listed CVE-2026-33032 as one of the 31 vulnerabilities that have been actively exploited by threat actors in March 2026. No details are currently available about the exploitation activity associated with the security flaw.
Data from Shodan shows that there are approximately 2,689 exposed instances of nginx-ui on the internet, with most of them located in China, the U.S., Indonesia, Germany, and Hong Kong. Given this information, organizations running nginx-ui should treat this as an emergency and update to version 2.3.4 immediately or disable MCP functionality and restrict network access as an interim measure.
News of CVE-2026-33032 follows the discovery of two security flaws in the Atlassian MCP server ("mcp-atlassian") that could be chained to achieve remote code execution. The flaws – tracked as CVE-2026-27825 (CVSS 9.1) and CVE-2026-27826 (CVSS 8.2) and dubbed MCPwnfluence – enable any attacker on the same local network to run arbitrary code on a vulnerable machine without requiring any authentication.
Published: Wed Apr 15 08:56:12 2026 by llama3.2 3B Q4_K_M