3 matches found
K000161327: NGINX UI vulnerability CVE-2026-33032
Security Advisory Description Nginx UI is a web user interface for the Nginx web server. In versions 2.3.5 and prior, the nginx-ui MCP Model Context Protocol integration exposes two HTTP endpoints: /mcp and /mcpmessage. While /mcp requires both IP whitelisting and authentication AuthRequired...
Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover
A recently disclosed critical security flaw impacting nginx-ui, an open-source, web-based Nginx management tool, has come under active exploitation in the wild. The vulnerability in question is CVE-2026-33032 CVSS score: 9.8, an authentication bypass vulnerability that enables threat actors to...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the mcpmessage endpoint due to missing authentication checks and an empty default IP whitelist, which is treated as allowing all connections. An attacker can gain full control over the Ngi...