Infosecurity-Magazine
Critical NGINX UI Vulnerability CVE-2026-33032 Under Active Exploitation
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
A critical vulnerability in the nginx-ui web server management tool, tracked as CVE-2026-33032, has been actively exploited since March 2026. This flaw allows attackers to bypass authentication on the /mcp_message endpoint, enabling full control over NGINX servers through a single unauthenticated API request. Discovered by Pluto Security, the vulnerability has a CVSS score of 9.8 and affects numerous installations, with over 2,600 instances identified as publicly accessible. The nginx-ui maintainers released a patch (version 2.3.4) on March 15, 2026, but many systems remain unpatched. Attackers can leverage this vulnerability to modify server configurations, reload services, and intercept traffic. Organizations using nginx-ui are urged to update immediately or restrict access to the management interface. The vulnerability highlights risks associated with the integration of AI management protocols in web applications.
Key Points: • CVE-2026-33032 allows unauthenticated access to critical NGINX management functions. • Over 2,600 nginx-ui instances are publicly exposed and vulnerable to exploitation. • A patch was released on March 15, 2026, but many systems remain unpatched.