Apr 15, 2026 • The Hacker News
Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover
Executive Summary
A critical authentication bypass vulnerability (CVE-2026-33032, CVSS 9.8) in nginx-ui, an open-source Nginx web management tool, is being actively exploited in the wild. The flaw, dubbed 'MCPwn' by Pluto Security, allows threat actors to bypass authentication and seize full control of Nginx servers. Organizations using nginx-ui should immediately apply available patches or implement compensating controls. The critical severity and active exploitation status demand urgent attention. Given the CVSS score of 9.8, successful exploitation could lead to complete server compromise, data exfiltration, or use of compromised servers for further attacks. Security teams should audit their environments for nginx-ui deployments and prioritize patching.
Summary
A recently disclosed critical security flaw impacting nginx-ui, an open-source, web-based Nginx management tool, has come under active exploitation in the wild. The vulnerability in question is CVE-2026-33032 (CVSS score: 9.8), an authentication bypass vulnerability that enables threat actors to seize control of the Nginx service. It has been codenamed MCPwn by Pluto Security.
Linked Entities
- CVE-2026-33032