PT-2026-29092 · Nginx+1
Yotampe-Pluto · Published 2026-03-28 · Updated 2026-04-16 · CVE-2026-33032
CVSS v2.0: 10 (Critical), vector AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: nginx-ui versions prior to 2.3.4
Description: An authentication bypass exists in the Model Context Protocol (MCP) integration of nginx-ui. The software exposes two HTTP endpoints, '/mcp' and '/mcp message'. While '/mcp' requires both IP whitelisting and authentication via the AuthRequired() middleware, the '/mcp message' endpoint applies only IP whitelisting. Because the default IP whitelist is empty and the middleware treats an empty whitelist as allow-all, any network attacker can invoke MCP tools without authentication. This allows remote attackers to restart nginx; create, modify, or delete configuration files; and trigger automatic configuration reloads, leading to a complete takeover of the nginx service. Approximately 2,689 to 14,300 exposed instances have been identified globally. This issue is actively exploited in the wild.
Recommendations: Update to version 2.3.4 or newer. As a temporary workaround, disable the MCP functionality or restrict network access to the management interfaces so that the '/mcp message' endpoint cannot be reached by unauthorized clients.
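The fail-open behaviour the description attributes to the empty default whitelist, shown as an added Go illustration (this is not nginx-ui's code; the handler shape, the probe helper and the "example-token" value are assumptions), with the fail-closed variant and the authentication check beside it:

```go
package main

import (
	"net"
	"net/http"
	"net/http/httptest"
)

// Added illustration, not nginx-ui's code. With failOpen set, an empty
// whitelist admits every client (the vulnerable default); otherwise nobody.
func whitelistAllows(whitelist []string, remote string, failOpen bool) bool {
	if len(whitelist) == 0 {
		return failOpen
	}
	ip := net.ParseIP(remote)
	for _, entry := range whitelist {
		if _, cidr, err := net.ParseCIDR(entry); err == nil && cidr.Contains(ip) {
			return true
		}
	}
	return false
}

// mcpHandler applies the whitelist gate and, when requireAuth is set, a
// bearer-token check (hypothetical shape, not the project's middleware).
func mcpHandler(whitelist []string, failOpen, requireAuth bool) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		host, _, err := net.SplitHostPort(r.RemoteAddr)
		if err != nil || !whitelistAllows(whitelist, host, failOpen) {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		// "example-token" is a constructed stand-in for a real session token.
		if requireAuth && r.Header.Get("Authorization") != "Bearer example-token" {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		w.WriteHeader(http.StatusOK)
	})
}

// probe returns the status a client at remoteIP sending authHeader gets from h.
func probe(h http.Handler, remoteIP, authHeader string) int {
	req := httptest.NewRequest(http.MethodPost, "/mcp", nil)
	req.RemoteAddr = net.JoinHostPort(remoteIP, "4444")
	req.Header.Set("Authorization", authHeader)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}
```

With an empty whitelist, the fail-open, auth-free configuration returns 200 to any unauthenticated client, while the fail-closed configuration with the auth check returns 403 (or 401 for a listed but unauthenticated client).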

Tags: Exploit · Fix · RCE · Missing Authentication

Weakness Enumeration

Related Identifiers

BDU:2026-04537
CVE-2026-33032
GHSA-H6C2-X2M2-MWHF
GO-2026-4904
SUSE-SU-2026:1205-1

Affected Products

Nginx
Nginx-Ui