Critical (9.8)

Nginx Vulnerability (CVE-2026-33032) [PoC]

CVE-2026-33032

CVE-2026-33032 grants unauthenticated remote attackers full Nginx web server takeover via an MCP endpoint that skips auth checks. Requires immediate mitigation: disable Nginx UI or restrict network access.

Affected: Nginxui Nginx Ui

Exploitation confirmed - public proof-of-concept - CVE-2026-33032 is a critical authentication bypass in Nginx UI versions 2.3.5 and prior that grants unauthenticated remote attackers complete administrative control of the Nginx web server via a flaw in the /mcp_message endpoint. With no patch available, organizations must immediately disable Nginx UI or enforce strict network access controls.

Overview

A critical security flaw in Nginx UI, a web-based management interface for the Nginx server, allows unauthenticated remote attackers to execute administrative commands. The vulnerability, tracked as CVE-2026-33032, stems from an improper authentication check on a specific endpoint.

Vulnerability Details

Nginx UI versions 2.3.5 and prior include an integration for the Model Context Protocol (MCP). This feature exposes two HTTP endpoints: /mcp and /mcp_message. While the /mcp endpoint correctly enforces both IP whitelisting and user authentication, the /mcp_message endpoint only checks for an IP whitelist. The default configuration has an empty whitelist, which the software incorrectly interprets as “allow all” instead of “deny all.” Consequently, this endpoint requires no password or token for access.
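The fail-open whitelist logic described above, shown beside a fail-closed version with the authentication step that /mcp already enforced. This is a constructed Go illustration added here, not Nginx UI's own code; the route names, the `PLACEHOLDER_TOKEN` credential and the in-memory probe are assumptions.

```go
package main

import (
	"net"
	"net/http"
	"net/http/httptest"
)

// Constructed illustration of the flaw class in the advisory, not Nginx UI's own code.
// Vulnerable check: an empty whitelist is read as "allow all" (fail-open).
func ipAllowedVulnerable(wl map[string]bool, ip string) bool { return len(wl) == 0 || wl[ip] }

// Hardened check: anything not explicitly listed, including an empty list, is denied.
func ipAllowedHardened(wl map[string]bool, ip string) bool { return wl[ip] }

// guard rejects with status unless ok(r) holds, otherwise passes the request to next.
func guard(status int, ok func(*http.Request) bool, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !ok(r) {
			http.Error(w, http.StatusText(status), status)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func clientIP(r *http.Request) string { ip, _, _ := net.SplitHostPort(r.RemoteAddr); return ip }

// Placeholder credential check; a real deployment validates a session or API token.
func authenticated(r *http.Request) bool { return r.Header.Get("Authorization") == "Bearer PLACEHOLDER_TOKEN" }

var mcpTool = http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(200) })

// VulnerableRoute mirrors the described /mcp_message: IP filter only, default empty whitelist.
func VulnerableRoute() http.Handler {
	return guard(403, func(r *http.Request) bool { return ipAllowedVulnerable(nil, clientIP(r)) }, mcpTool)
}

// FixedRoute chains a fail-closed IP filter and authentication, as /mcp already does.
func FixedRoute(wl map[string]bool) http.Handler {
	ipOK := func(r *http.Request) bool { return ipAllowedHardened(wl, clientIP(r)) }
	return guard(403, ipOK, guard(401, authenticated, mcpTool))
}

// Probe returns the status an in-memory request (source 192.0.2.1 per httptest) receives.
func Probe(h http.Handler, token string) int {
	r := httptest.NewRequest(http.MethodPost, "/mcp_message", nil)
	r.Header.Set("Authorization", "Bearer "+token) // empty token = unauthenticated caller
	w := httptest.NewRecorder()
	h.ServeHTTP(w, r)
	return w.Code
}
```

With an empty whitelist the vulnerable chain answers 200 to an unauthenticated caller, while the fixed chain answers 403; once the caller's address is whitelisted the fixed chain still demands credentials (401) before reaching the tool.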

Impact

This flaw enables any attacker with network access to the Nginx UI instance to invoke all MCP tools without providing credentials. These tools include the ability to restart the Nginx service, create, modify, and delete Nginx configuration files, and trigger automatic reloads of the configuration. Successful exploitation leads to a complete takeover of the Nginx web server, allowing website defacement, denial-of-service, or the deployment of malicious configurations to intercept or redirect traffic. This could be a direct precursor to a significant data breach.

Remediation and Mitigation

As of publication, there is no official patch from the vendor. Affected users must take immediate action.

  • Primary Action: If Nginx UI is not essential, disable or uninstall it immediately.
  • Critical Mitigation: Implement strict network access controls. Ensure the Nginx UI service is not exposed to the internet or untrusted networks. Restrict access at the firewall level to only trusted, administrative IP addresses.
  • Configuration Check: Review all middleware and authentication rules for custom applications to ensure no endpoints are inadvertently exposed. The default “allow all” behavior for an empty whitelist is a common misconfiguration pattern to guard against.

Monitor for updates from the Nginx UI project and apply a patch as soon as it becomes available.

Security Insight

This vulnerability highlights the persistent danger of fail-open defaults in security middleware, where a default-deny posture is assumed but never implemented. As in past incidents in API gateways and management consoles, the logic flaw (treating an empty whitelist as permissive) creates a trap for developers. It underscores that security features like IP filtering are only as strong as their default configurations, which should always favor blocking over allowing access.


Public PoC References

Unverified third-party code

These repositories are publicly listed on GitHub and have not been audited by Yazoul Security. They may contain malware, backdoors, destructive payloads, or operational security risks (telemetry, exfiltration). Treat them as hostile binaries. Inspect source before execution. Run only in isolated, disposable lab environments (offline VM, no credentials, no production data).

Authorized use only. This information is provided for defensive research, detection engineering, and patch validation. Using exploit code against systems you do not own or do not have explicit written permission to test is illegal in most jurisdictions and violates Yazoul's terms of use.

Repository (GitHub stars):

  • Shreda/CVE-2026-33032-nginx-ui-vuln-lab (★ 1): Docker Compose setup to demonstrate the nginx-ui missing authentication vulnerability
  • keraattin/CVE-2026-33032 (★ 0): One missing function call on the route registration was enough to turn the MCP interface into an unauthenticated RCE gateway.

Showing 2 of 2 known references. Source: nomi-sec/PoC-in-GitHub.
