Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover

A critical authentication-bypass vulnerability in nginx-ui (CVE-2026-33032) lets an unauthenticated attacker invoke MCP tools through the /mcp_message endpoint and, from there, restart Nginx, modify its configuration, reload the server, and harvest credentials. Pluto Security dubbed the flaw MCPwn. Researchers found about 2,689 exposed instances worldwide, and a patch shipped in nginx-ui 2.3.4 on March 15, 2026. Administrators should update immediately or, as interim workarounds, enforce AuthRequired() on /mcp_message or switch the endpoint's IP allowlisting to deny-all. #nginx-ui #CVE-2026-33032

Keypoints

  • CVE-2026-33032 is an authentication bypass in nginx-ui with a CVSS score of 9.8.
  • The /mcp_message endpoint applies only IP allowlisting and defaults to allow-all, permitting unauthenticated access.
  • Attackers can achieve full Nginx takeover in seconds with two requests: a GET to /mcp to obtain a session ID, followed by a POST to /mcp_message that invokes a tool under that session.
  • Shodan data shows about 2,689 publicly reachable nginx-ui instances, putting unpatched deployments at immediate risk.
  • Update to nginx-ui 2.3.4; as interim mitigations, enforce middleware.AuthRequired() on /mcp_message or set the endpoint's IP allowlisting to deny-all.
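
The two-request flow and the two interim workarounds, as an added Go example that is not code from nginx-ui or from the advisory. It models GET /mcp handing out a session id and POST /mcp_message accepting a tool call, puts the allow-all IP allowlist, a deny-all allowlist, and an AuthRequired-style check in front of /mcp_message in turn, and replays the unauthenticated flow against each with net/http/httptest, so it needs no network. The bearer-token scheme, the tool name nginx_restart, the exact-IP allowlist, and the one-event SSE stream are simplifications of mine, not nginx-ui's actual implementation.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"strings"
	"sync"
)

// mcpSSE models GET /mcp: the SSE "endpoint" event tells the client where to
// POST and carries a fresh session id, stored here for /mcp_message to check.
var sessions sync.Map

func mcpSSE(w http.ResponseWriter, r *http.Request) {
	b := make([]byte, 8)
	rand.Read(b) // result deliberately ignored: crypto/rand.Read never returns an error as of Go 1.24
	id := fmt.Sprintf("%x", b)
	sessions.Store(id, true)
	w.Header().Set("Content-Type", "text/event-stream")
	fmt.Fprintf(w, "event: endpoint\ndata: /mcp_message?sessionId=%s\n\n", id)
}

// mcpMessage models POST /mcp_message, where the real service exposes the
// nginx restart/reload/config tools; this model only acknowledges the call.
func mcpMessage(w http.ResponseWriter, r *http.Request) {
	if _, ok := sessions.Load(r.URL.Query().Get("sessionId")); !ok {
		http.Error(w, "unknown session", http.StatusNotFound)
		return
	}
	fmt.Fprint(w, `{"jsonrpc":"2.0","id":1,"result":"tool call accepted"}`)
}

// ipAllowlist is the only guard the vulnerable endpoint had: an empty list is
// the allow-all default, denyAll the interim workaround (exact IPs, not CIDRs).
func ipAllowlist(next http.Handler, allowed map[string]bool, denyAll bool) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		host, _, _ := net.SplitHostPort(r.RemoteAddr)
		if denyAll || (len(allowed) > 0 && !allowed[host]) {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r) // allow-all: nothing else is checked
	})
}

// authRequired stands in for middleware.AuthRequired(); the bearer-token
// scheme is hypothetical, not nginx-ui's real session handling.
func authRequired(next http.Handler, tokens map[string]bool) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		tok := strings.TrimPrefix(r.Header.Get("Authorization"), "Bearer ")
		if tok == "" || !tokens[tok] {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// buildMux wires both endpoints with the given guard in front of /mcp_message.
func buildMux(guard func(http.Handler) http.Handler) http.Handler {
	mux := http.NewServeMux()
	mux.HandleFunc("/mcp", mcpSSE)
	mux.Handle("/mcp_message", guard(http.HandlerFunc(mcpMessage)))
	return mux
}

// Vulnerable default, deny-all workaround, and AuthRequired workaround.
func vulnerableMux() http.Handler { return buildMux(func(h http.Handler) http.Handler { return ipAllowlist(h, nil, false) }) }
func denyAllMux() http.Handler    { return buildMux(func(h http.Handler) http.Handler { return ipAllowlist(h, nil, true) }) }
func authMux() http.Handler       { return buildMux(func(h http.Handler) http.Handler { return authRequired(h, map[string]bool{"valid-token": true}) }) }

// probe replays the two-request takeover flow and returns the tool call's
// status: 200 with an empty token means the tools are reachable without
// credentials. "nginx_restart" is a placeholder tool name, not one from nginx-ui.
func probe(h http.Handler, token string) int {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest("GET", "/mcp", nil))
	_, after, ok := strings.Cut(rec.Body.String(), "data: ")
	if !ok {
		return rec.Code // no endpoint event: report whatever /mcp answered
	}
	endpoint, _, _ := strings.Cut(after, "\n")
	req := httptest.NewRequest("POST", endpoint, strings.NewReader(
		`{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"nginx_restart"}}`))
	if token != "" {
		req.Header.Set("Authorization", "Bearer "+token)
	}
	rec = httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() { // expected: 200 403 401 200
	fmt.Println(probe(vulnerableMux(), ""), probe(denyAllMux(), ""), probe(authMux(), ""), probe(authMux(), "valid-token"))
}
```

Run it with go run; the four numbers are the tool call's status under each layout. The deny-all allowlist blocks the attacker but also every legitimate client, so it is a stopgap; the authentication check is the workaround that keeps authorized users working while closing the endpoint to everyone else.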

Read More: https://thehackernews.com/2026/04/critical-nginx-ui-vulnerability-cve.html