A critical authentication bypass in nginx-ui, a widely used open-source web interface for managing nginx servers, has been actively exploited in the wild.<\/p>\n
The vulnerability, tracked as CVE-2026-33032 with a CVSS score of 9.8, was discovered by Pluto Security and allows any network-adjacent attacker to take full control of an nginx server through a single unauthenticated API request.<\/p>\n
VulnCheck has added the flaw to its Known Exploited Vulnerabilities (KEV) list. Recorded Future's Insikt Group independently flagged it in a recent report<\/a> as one of 31 high-impact vulnerabilities exploited during March 2026, assigning it a risk score of 94 out of 100.<\/p>\n The root cause comes down to a single missing function call: nginx-ui recently added support for the Model Context Protocol (MCP), which splits communication across two HTTP endpoints.<\/p>\n The \/mcp endpoint, used for establishing connections, carries both IP whitelisting and authentication middleware. But \/mcp_message, the endpoint that processes every tool invocation including configuration writes and server restarts, shipped without the authentication check.<\/p>\n That omission exposes 12 MCP tools to unauthenticated callers. Seven are destructive, enabling attackers to inject nginx configurations, reload the server and intercept all traffic passing through it. The remaining five provide reconnaissance capabilities such as reading existing configs and mapping backend infrastructure.<\/p>\nMissing Middleware, Full Access<\/strong><\/h2>\n