Severity: Critical | Published: 2026-04-09 | CVSS 9.8 | CVE-2026-33032 (2026-04-07)
Tags: nginx, nginx-ui, authentication, active-exploitation, web-server, mcp

CVE-2026-33032: Critical Authentication Bypass in nginx-ui, Actively Exploited

A critical flaw in nginx-ui (CVSS 9.8) allows an unauthenticated attacker to take full control of an Nginx server in just two HTTP requests. The vulnerability is being actively exploited in the wild.

Context

nginx-ui is an open source web interface for managing Nginx server configuration. A critical vulnerability was discovered in its MCP (Model Context Protocol) integration, allowing any attacker to bypass authentication and take complete control of the server.

According to Shodan data, approximately 2,689 instances are currently exposed on the internet.

Attack Mechanism

nginx-ui exposes two HTTP endpoints as part of its MCP integration:

  • /mcp — protected by IP whitelisting and authentication
  • /mcp_message — protected by IP whitelisting only; the whitelist is empty by default, which means the endpoint is reachable from any address

The /mcp_message endpoint handles writing and reloading Nginx configuration files, but its authentication middleware is missing. An attacker can invoke privileged actions with zero credentials — two HTTP requests are enough to take full control of the server.
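The wiring defect described above, as an added illustration in Go (the language nginx-ui is written in) that is not nginx-ui's own code: the bearer-token check, the whitelist semantics and the route handlers are assumptions, and the block models only the shape of the bug (one privileged route behind the IP layer alone) next to the fixed wiring (both layers on both routes).

```go
package main

import (
	"net"
	"net/http"
)

// guard is a generic middleware layer: reject with status when check fails.
func guard(check func(*http.Request) bool, status int, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !check(r) {
			http.Error(w, http.StatusText(status), status)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// ipAllowed models the footgun in the bulletin: an empty whitelist means "no restriction".
func ipAllowed(whitelist []string, remoteAddr string) bool {
	if len(whitelist) == 0 {
		return true
	}
	host, _, _ := net.SplitHostPort(remoteAddr)
	for _, ip := range whitelist {
		if ip == host {
			return true
		}
	}
	return false
}

// authed is a constructed credential check, not nginx-ui's real scheme.
func authed(r *http.Request) bool { return r.Header.Get("Authorization") == "Bearer demo-token" }

// newMux wires both MCP routes; patched=false reproduces the defect, patched=true the fix.
func newMux(patched bool, whitelist []string) *http.ServeMux {
	ok := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) })
	ipCheck := func(r *http.Request) bool { return ipAllowed(whitelist, r.RemoteAddr) }
	ipOnly := func(h http.Handler) http.Handler { return guard(ipCheck, http.StatusForbidden, h) }
	withAuth := func(h http.Handler) http.Handler { return ipOnly(guard(authed, http.StatusUnauthorized, h)) }
	mux := http.NewServeMux()
	mux.Handle("/mcp", withAuth(ok))
	if patched {
		mux.Handle("/mcp_message", withAuth(ok))
	} else {
		mux.Handle("/mcp_message", ipOnly(ok)) // privileged handler, auth middleware missing
	}
	return mux
}
```

With the default (empty) whitelist an unauthenticated request to /mcp is refused with 401 while the same request to /mcp_message succeeds on the unpatched wiring; a non-empty whitelist is the only thing that would have stopped it.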

Impact

An attacker exploiting this vulnerability can:

  • Modify Nginx configuration to intercept or redirect all incoming traffic
  • Steal admin credentials by manipulating server logs
  • Maintain persistent access by stealing tokens and secrets
  • Map the infrastructure by reading configuration files
  • Take down services by pushing an invalid configuration

Affected Versions

All versions of nginx-ui prior to version 2.3.4.

Remediation

Update nginx-ui to version 2.3.4 as soon as possible. This version adds the missing authentication middleware to the /mcp_message endpoint.

While waiting to update, check whether your instance is exposed:

# Test if the endpoint is accessible without authentication
curl -s -o /dev/null -w "%{http_code}" http://YOUR_IP:PORT/mcp_message
# A 200 response means your instance is vulnerable and exposed

Recommendations

  • Never expose nginx-ui directly to the internet — restrict access via VPN or private network
  • Apply an explicit IP whitelist on all admin interfaces
  • Monitor logs for unusual access to the /mcp and /mcp_message endpoints
  • Audit your web admin interfaces — this type of flaw (missing middleware on a single endpoint) is common in open source tools with limited security auditing