A critical vulnerability in the Nginx UI web management interface (CVE-2026-33032) tied to its MCP AI integration has been exploited in the wild and can allow unauthenticated attackers to take full control of exposed servers. Pluto Security found over 2,600 internet-exposed instances, technical details and a public PoC exist, and the issue was patched in Nginx UI 2.3.4. #NginxUI #CVE-2026-33032 #MCP #PlutoSecurity #RecordedFuture
Keypoints
- CVE-2026-33032 is a critical unauthenticated vulnerability in Nginx UI’s MCP AI integration that can lead to full server takeover.
- The flaw was responsibly disclosed by Pluto Security and patched in Nginx UI version 2.3.4.
- Pluto Security discovered more than 2,600 internet-exposed instances and published technical details and a PoC exploit.
- Recorded Future reported CVE-2026-33032 among 31 high-impact vulnerabilities observed exploited in the wild in March 2026, though public attack specifics are limited.
- Successful exploitation can allow traffic interception, backdoor deployment, malicious redirects, disruption, and data theft; other recent Nginx UI flaws include CVE-2026-27944 and CVE-2026-33030.
Read More: https://www.securityweek.com/exploited-vulnerability-exposes-nginx-servers-to-hacking/