www.darkreading.com, 4/15/2026, 10:11:08 PM

nginx UI flaw lets attackers hijack NGINX via CVE-2026-33032

CyberSIXT Evidence Panel (CVE Intel): CISA KEV: Not in KEV. Patch: Available.

Attackers are actively exploiting a critical flaw in nginx-ui, a management interface for NGINX. Tracked as CVE-2026-33032 with a CVSS score of 9.8, the flaw stems from an insecure MCP implementation and, in some cases, allows unauthenticated changes to NGINX server configurations.

According to the nginx-ui maintainers, the vulnerability lets any network attacker invoke MCP tools without authentication, including restarting nginx and creating, modifying or deleting configuration files, effectively risking a full takeover of the nginx service. Pluto Security researchers found that the MCP endpoints, especially /mcp_message, performed no authentication at all, and that the session secret used to establish MCP sessions was a static UUID stored in plaintext, weakening the protection it was meant to provide.

They also noted that the IP whitelist on /mcp defaults to empty, and that over 2,600 publicly exposed nginx-ui instances were detected on the default port 9000. The fixed version is v2.3.4, released after the vulnerability was reported in early March, though updating alone does not guarantee safety for deployments that lack network access restrictions or proper containment.
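A defender-side check for the exposure described above: the following script (added here, not from the article or the nginx-ui project) scans nginx access logs in the standard "combined" format for requests to the /mcp and /mcp_message endpoints and flags those from sources outside an operator-defined allowlist. The allowlist network, log format and sample log lines are constructed assumptions.

```python
import ipaddress
import re
from typing import Dict, List, Optional

# Endpoints named in the advisory summary; /mcp_message was reported as unauthenticated.
MCP_PATHS = ("/mcp", "/mcp_message")

# Constructed allowlist: networks that may legitimately reach the MCP endpoints.
ALLOWED_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]

# Standard nginx "combined" access-log format, assumed to front the nginx-ui instance.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?:\d+|-)'
)

# Constructed sample log lines (RFC 5737 documentation addresses).
SAMPLE_LOG = [
    '203.0.113.7 - - [15/Apr/2026:10:11:08 +0000] "POST /mcp_message HTTP/1.1" 200 512 "-" "curl/8.5.0"',
    '10.0.0.5 - - [15/Apr/2026:10:12:00 +0000] "POST /mcp HTTP/1.1" 200 128 "-" "mcp-client/1.0"',
    '198.51.100.9 - - [15/Apr/2026:10:12:30 +0000] "GET /api/status HTTP/1.1" 200 64 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [15/Apr/2026:10:13:00 +0000] "GET /mcp?session=abc HTTP/1.1" 403 0 "-" "Mozilla/5.0"',
]

def parse_line(line: str) -> Optional[Dict[str, object]]:
    """Parse one combined-format line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec: Dict[str, object] = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec

def is_mcp_path(path: str) -> bool:
    """True if the request path (query string ignored) targets an MCP endpoint."""
    bare = path.split("?", 1)[0].rstrip("/") or "/"
    return any(bare == p or bare.startswith(p + "/") for p in MCP_PATHS)

def ip_allowed(ip: str) -> bool:
    """True if the client address falls inside one of the allowlisted networks."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # malformed or non-IP client field is never trusted
    return any(addr in net for net in ALLOWED_NETWORKS)

def find_mcp_hits(lines: List[str]) -> List[Dict[str, object]]:
    """Return every MCP-endpoint request, marking those from outside the allowlist."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or not is_mcp_path(str(rec["path"])):
            continue
        hits.append({"ip": rec["ip"], "path": rec["path"], "status": rec["status"],
                     "outside_allowlist": not ip_allowed(str(rec["ip"]))})
    return hits

if __name__ == "__main__":
    for hit in find_mcp_hits(SAMPLE_LOG):
        print(hit)
```

A 200 response on /mcp_message from an address outside the allowlist is the signal worth paging on; a 403 from the same source shows the whitelist doing its job.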

The report highlights that compromising nginx-ui could give attackers full control of the NGINX environment, including potential traffic redirection and configuration reloads that could take down services, underscoring the broader risks MCP can introduce when added to applications.

15 April 2026


Article by CyberSIXT
