Critical NGINX UI Vulnerability CVE-2026-33032 Under Active Exploitation

Critical NGINX UI Vulnerability CVE-2026-33032 Under Active Exploitation

First seen 15 Apr 2026, 14:16 UTC ThehackernewsInfosecurity-MagazineSecurityaffairs.CoCsoonlineDarkreading+14 88% similarity 78.8

Article Content

Browse articles
ThreatCluster

A critical vulnerability in the nginx-ui web server management tool, tracked as CVE-2026-33032, has been actively exploited since March 2026. This flaw allows attackers to bypass authentication on the /mcp_message endpoint, enabling full control over NGINX servers through a single unauthenticated API request. Discovered by Pluto Security, the vulnerability has a CVSS score of 9.8 and affects numerous installations, with over 2,600 instances identified as publicly accessible. The nginx-ui maintainers released a patch (version 2.3.4) on March 15, 2026, but many systems remain unpatched. Attackers can leverage this vulnerability to modify server configurations, reload services, and intercept traffic. Organizations using nginx-ui are urged to update immediately or restrict access to the management interface. The vulnerability highlights risks associated with the integration of AI management protocols in web applications.

Key Points: • CVE-2026-33032 allows unauthenticated access to critical NGINX management functions. • Over 2,600 nginx-ui instances are publicly exposed and vulnerable to exploitation. • A patch was released on March 15, 2026, but many systems remain unpatched.

ThreatCluster AI

Timeline

2025-12-03
CVE-2025-55182 published
2026-03-05
CVE-2026-27944 published
2026-03-10
First public PoC for CVE-2026-27944
2026-03-15
Patch for CVE-2026-33032 released (version 2.3.4)
2026-03-30
CVE-2026-33032 published
2026-03-30
Active exploitation of CVE-2026-33032 reported
2026-04-04
First public PoC for CVE-2026-33032

Community

Browse all →