
6 matches found

F5 Networks
added 2026/05/20 5:46 a.m., 18 views

K000161327: NGINX UI vulnerability CVE-2026-33032

Security Advisory Description: Nginx UI is a web user interface for the Nginx web server. In versions 2.3.5 and prior, the nginx-ui MCP (Model Context Protocol) integration exposes two HTTP endpoints: /mcp and /mcpmessage. While /mcp requires both IP whitelisting and authentication AuthRequired...

CVSS 9.8, AI score 6, EPSS 0.38477
Exploits: 4
OSV
added 2026/05/19 4:18 p.m., 21 views

GHSA-4GPH-2HHR-5MWG: Envoy AI Proxy - MCP Message Smuggling Vulnerability

Envoy AI Gateway was found to be affected by a protocol parser differential vulnerability due to improper implementation of the JSON-RPC 2.0 specification. Such a differential causes an MCP message alteration, potentially causing a bypass of security controls in a multi-layered architecture. Accordi...

CVSS 6.3, AI score 5.9
Exploits: 0, References: 2
The Hacker News
added 2026/04/15 12:56 p.m., 23 views

Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover

A recently disclosed critical security flaw impacting nginx-ui, an open-source, web-based Nginx management tool, has come under active exploitation in the wild. The vulnerability in question is CVE-2026-33032 (CVSS score: 9.8), an authentication bypass vulnerability that enables threat actors to...

CVSS 9.8, AI score 7.7, EPSS 0.38477
Exploits: 17
Snyk
added 2026/03/30 8:26 p.m., 2 views

Missing Authentication for Critical Function

Overview: Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the mcpmessage endpoint due to missing authentication checks and an empty default IP whitelist, which is treated as allowing all connections. An attacker can gain full control over the Ngi...

CVSS 9.8, AI score 6, EPSS 0.38477
Exploits: 4, References: 2
OSV
added 2026/03/30 4:43 p.m., 4 views

GHSA-H6C2-X2M2-MWHF: nginx-ui's Unauthenticated MCP Endpoint Allows Remote Nginx Takeover

Summary: The nginx-ui MCP (Model Context Protocol) integration exposes two HTTP endpoints: /mcp and /mcpmessage. While /mcp requires both IP whitelisting and authentication (AuthRequired middleware), the /mcpmessage endpoint only applies IP whitelisting - and the default IP whitelist is empty, which t...

CVSS 9.8, AI score 5.9, EPSS 0.38477
Exploits: 4, References: 6
GitLab Advisory Database
added 2026/03/30 12:0 a.m., 16 views

nginx-ui's Unauthenticated MCP Endpoint Allows Remote Nginx Takeover

The nginx-ui MCP (Model Context Protocol) integration exposes two HTTP endpoints: /mcp and /mcpmessage. While /mcp requires both IP whitelisting and authentication (AuthRequired middleware), the /mcpmessage endpoint only applies IP whitelisting - and the default IP whitelist is empty, which the...

CVSS 9.8, AI score 6, EPSS 0.38477
Exploits: 4, References: 6, Affected Software: 1