{"id":607,"date":"2026-04-15T13:55:16","date_gmt":"2026-04-15T13:55:16","guid":{"rendered":"https:\/\/thedigitalfortress.us\/?p=607"},"modified":"2026-04-15T13:55:16","modified_gmt":"2026-04-15T13:55:16","slug":"actively-exploited-nginx-ui-flaw-cve-2026-33032-enables-full-nginx-server-takeover","status":"publish","type":"post","link":"https:\/\/thedigitalfortress.us\/?p=607","title":{"rendered":"Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover"},"content":{"rendered":"
\n

\ue804<\/i>Ravie Lakshmanan<\/span>\ue802<\/i>Apr 15, 2026<\/span><\/span>Web Security \/ Vulnerability<\/span><\/p>\n<\/div>\n

\n
<\/a><\/div>\n

A recently disclosed critical security flaw impacting nginx-ui, an open-source, web-based Nginx management tool, has come under active exploitation in the\u00a0wild.<\/p>\n

The vulnerability in question is CVE-2026-33032 (CVSS score: 9.8), an authentication bypass vulnerability that enables threat actors to seize control of the Nginx service. It\u00a0has been codenamed MCPwn <\/b>by Pluto\u00a0Security.<\/p>\n

\u00abThe\u00a0nginx-ui MCP<\/a> (Model Context Protocol) integration exposes two HTTP endpoints: \/mcp and \/mcp_message,\u00bb according to\u00a0an advisory<\/a> released by nginx-ui maintainers last month. \u00abWhile \/mcp requires both IP whitelisting and authentication (AuthRequired() middleware), the \/mcp_message endpoint only applies IP whitelisting — and the default IP whitelist is empty, which the middleware treats as ‘allow\u00a0all.'\u00bb\u00a0<\/p>\n

\u00abThis means any network attacker can invoke all MCP tools without authentication, including restarting nginx, creating\/modifying\/deleting nginx configuration files, and triggering automatic config reloads – achieving complete nginx service takeover.\u00bb<\/p>\n

\n
\"Cybersecurity\"<\/a><\/div>\n<\/div>\n

According to Pluto Security<\/a> researcher Yotam Perkal, who identified and reported the flaw, the attack can facilitate a full takeover in seconds via two requests\u00a0–<\/p>\n