Back

Critical Authentication Bypass Vulnerability in Nginx-UI Exploited

Severity: High (Score: 72.9)

Sources: Securityaffairs.Co, Csoonline, Infosecurity-Magazine, www.infosecurityeurope.com, nvd.nist.gov

Summary

A critical vulnerability (CVE-2026-33032) in nginx-ui, an open-source web interface for managing nginx servers, has been actively exploited, allowing attackers to bypass authentication and gain full control of affected servers. Discovered by Pluto Security, the flaw has a CVSS score of 9.8 and stems from a missing authentication check on the /mcp_message endpoint. This vulnerability exposes 12 management tools to unauthenticated access, enabling destructive actions such as configuration injection and server restarts. Over 2,600 nginx-ui instances are publicly reachable, with many running on default settings, increasing the risk of exploitation. A patch was released on 2026-03-31, but organizations are urged to take immediate action, including updating to version 2.3.4 or restricting network access. The vulnerability has been added to the Known Exploited Vulnerabilities list, emphasizing its severity and the urgency for remediation. Key Points: • CVE-2026-33032 allows unauthenticated access to nginx servers, posing a critical risk. • Over 2,600 nginx-ui instances are vulnerable, many using default configurations. • A patch was released on 2026-03-31, but immediate action is required to mitigate risks.

Key Entities

  • Data Breach (attack_type)
  • Ransomware (attack_type)
  • Zero-day Exploit (attack_type)
  • Nginx (tool)
  • Docker (tool)
  • Angry IP Scanner (tool)
  • Cuckoo Sandbox (tool)
  • Ghidra (tool)
  • Pluto Security (company)
  • Pluto Security AI (company)
  • China (country)
  • Germany (country)
  • Hong Kong (country)
  • Indonesia (country)
  • United States (country)
  • CVE-2025-55182 (cve)
  • CVE-2026-33032 (cve)
  • T1046 - Network Service Discovery (mitre_attack)
  • T1059 - Command and Scripting Interpreter (mitre_attack)
  • T1190 - Exploit Public-Facing Application (mitre_attack)
  • Nginx-ui (platform)
  • MCPwn (vulnerability)
  • MCPwnfluence (vulnerability)
  • Nginx-ui Flaw (vulnerability)
  • React2Shell (malware)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed