A critical authentication bypass in nginx-ui, a widely used open-source web interface for managing nginx servers, has been actively exploited in the wild. The vulnerability, tracked as CVE-2026-33032 with a CVSS score of 9.8, was discovered by Pluto Security, which reports that it allows any network-adjacent attacker to take full control of an nginx server through a single unauthenticated API request.
VulnCheck has added the flaw to its Known Exploited Vulnerabilities list, and Recorded Future's Insikt Group independently flagged it as one of 31 high-impact vulnerabilities exploited during March 2026, assigning it a risk score of 94 out of 100.
The root cause is a missing authentication check on the /mcp_message endpoint, which processes tool invocations and configuration writes. As a result, 12 MCP tools are reachable by unauthenticated callers: seven of them are destructive and five are used for reconnaissance.
Pluto Security's researchers identified over 2,600 publicly reachable nginx-ui instances across Alibaba Cloud, Oracle and Tencent, most on port 9000, and the nginx-ui Docker image has been pulled more than 430,000 times, suggesting a much larger vulnerable population behind firewalls.
The maintainers released a patch in version 2.3.4 a day after disclosure, adding 27 characters of code plus a regression test. Organisations running MCP-enabled nginx-ui should update to 2.3.4 or later, disable MCP if patching is not possible, restrict network access to the interface, and review logs and configuration directories for unauthorised changes.
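The log review recommended above can be started with a small triage script. The following is an added example, not code from the article or the nginx-ui project; it assumes the UI is fronted by nginx writing the standard combined access-log format, the log lines are constructed, and the trusted management range (10.0.0.0/8) is a placeholder to adjust for your network.

```python
import ipaddress
import re
from collections import Counter

# Standard nginx "combined" log format: client, ident, user, [time] "METHOD path proto" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<bytes>\S+)'
)

# Constructed sample lines: one admin session from the management network and two
# external clients calling the MCP endpoint directly.
SAMPLE_LOG = """\
10.0.0.5 - - [02/Apr/2026:10:01:02 +0000] "POST /api/login HTTP/1.1" 200 312 "-" "Mozilla/5.0"
203.0.113.7 - - [02/Apr/2026:10:03:11 +0000] "POST /mcp_message HTTP/1.1" 200 187 "-" "python-requests/2.31"
203.0.113.7 - - [02/Apr/2026:10:03:12 +0000] "POST /mcp_message HTTP/1.1" 200 2048 "-" "python-requests/2.31"
10.0.0.5 - - [02/Apr/2026:10:05:40 +0000] "GET /api/configs HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.9 - - [02/Apr/2026:10:07:00 +0000] "POST /mcp_message?x=1 HTTP/1.1" 401 0 "-" "curl/8.4"
"""

def flag_mcp_requests(log_text, path="/mcp_message", trusted=("10.0.0.0/8",)):
    """Return (hits, per_client): parsed requests to `path` from clients outside the
    trusted ranges, and a Counter keyed by (client_ip, status) for quick triage.
    Requests that were answered 2xx are the ones that need to be followed up by
    checking the configuration directory for changes made at that time."""
    nets = [ipaddress.ip_network(n) for n in trusted]   # placeholder management range
    hits, per_client = [], Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                                     # not a combined-format line
        rec = m.groupdict()
        if rec["path"].split("?", 1)[0] != path:         # ignore query string
            continue
        addr = ipaddress.ip_address(rec["ip"])
        if any(addr in n for n in nets):
            continue                                     # expected admin traffic
        hits.append(rec)
        per_client[(rec["ip"], rec["status"])] += 1
    return hits, per_client

if __name__ == "__main__":
    hits, per_client = flag_mcp_requests(SAMPLE_LOG)
    for (ip, status), n in sorted(per_client.items()):
        print(f"{ip:>15}  status {status}  {n} request(s) to /mcp_message")
    for rec in hits:
        if rec["status"].startswith("2"):
            print(f"review config changes around {rec['ts']} (client {rec['ip']})")
```

Feed it the real access log with `flag_mcp_requests(open(path).read())`; any 2xx response to an external caller on this endpoint from before the 2.3.4 upgrade warrants a diff of the nginx configuration directory against a known-good copy.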