PT-2026-29092 · Nginx-Ui +1
Yotampe-Pluto · Published 2026-03-28 · Updated 2026-05-16 · CVE-2026-33032
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Nginx UI versions prior to 2.3.6
Description: An authentication bypass exists in the Model Context Protocol (MCP) integration of Nginx UI. The software exposes two HTTP endpoints, '/mcp' and '/mcp_message'. While '/mcp' requires both IP whitelisting and authentication via the AuthRequired() middleware, '/mcp_message' applies only IP whitelisting. Because the default IP whitelist is empty, and the middleware treats an empty whitelist as "allow all", any network attacker can invoke MCP tools without authentication. Additionally, the '/api/mcp/invoke' endpoint fails to verify session tokens.
This flaw allows remote attackers to take complete control of the Nginx service: restarting Nginx, creating, modifying or deleting configuration files, and triggering automatic configuration reloads. Approximately 2,689 exposed instances have been identified worldwide, and active exploitation in the wild has been confirmed.
Recommendations: Update to Nginx UI version 2.3.6 immediately. As a temporary workaround, disable the Nginx UI service entirely or block access to the management port at the network firewall.
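To make the defect concrete, here is an added illustration in Go (the language Nginx UI is written in) that is not Nginx UI's own code: a hypothetical allowlist guard that fails open on an empty list, registered on the two routes with the uneven middleware the advisory describes, beside the fail-closed form that authenticates both routes. Route names follow the advisory; the guard function, the bearer token and the client address are constructed for the demonstration.

```go
package main

import (
	"net"
	"net/http"
	"net/http/httptest"
	"slices"
)

// ipAllowed checks the client address against an allowlist. With failOpen set, an
// empty list admits everyone (the defect the advisory describes); otherwise it admits no one.
func ipAllowed(allow []string, remoteAddr string, failOpen bool) bool {
	if len(allow) == 0 {
		return failOpen
	}
	host, _, err := net.SplitHostPort(remoteAddr)
	return err == nil && slices.Contains(allow, host)
}

// guard runs the allowlist check and, when needAuth is set, a bearer-token check (a stand-in
// for an AuthRequired() middleware), then answers 200 for a request that passes both.
func guard(allow []string, failOpen, needAuth bool) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		switch {
		case !ipAllowed(allow, r.RemoteAddr, failOpen):
			http.Error(w, "forbidden", http.StatusForbidden)
		case needAuth && r.Header.Get("Authorization") != "Bearer demo-token": // constructed token
			http.Error(w, "unauthorized", http.StatusUnauthorized)
		default:
			w.WriteHeader(http.StatusOK)
		}
	}
}

// newMux registers both MCP routes. vulnerable=true reproduces the pre-2.3.6 shape: the
// message route gets only a fail-open allowlist check and no authentication at all.
func newMux(allow []string, vulnerable bool) *http.ServeMux {
	mux := http.NewServeMux()
	mux.HandleFunc("/mcp", guard(allow, vulnerable, true))
	mux.HandleFunc("/mcp_message", guard(allow, vulnerable, !vulnerable))
	return mux
}

// status sends an unauthenticated POST from addr and returns the HTTP status code.
func status(h http.Handler, path, addr string) int {
	req := httptest.NewRequest(http.MethodPost, path, nil)
	req.RemoteAddr = addr
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}
```

With an empty allowlist, `status(newMux(nil, true), "/mcp_message", "203.0.113.5:4444")` returns 200 while the fail-closed router returns 403; a detection rule can look for exactly this pattern, unauthenticated POSTs to the message route from addresses that never appear in the allowlist.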

Tags: Exploit · Fix · RCE · LPE · Missing Authentication

Weakness Enumeration

Related Identifiers

BDU:2026-04537
CVE-2026-33032
GHSA-H6C2-X2M2-MWHF
GO-2026-4904
SUSE-SU-2026:1205-1

Affected Products

Nginx
Nginx-Ui