Tags: vulnerability, critical, Authentication Bypass, Remote Code Execution, CVE-2026-27944, CVE-2026-33032

Apr 16, 2026 • Rapid7

CVE-2026-33032: Nginx UI Missing MCP Authentication


Source: Rapid7 Security Research
Category: vulnerability
Severity: critical

Executive Summary

A critical authentication vulnerability, CVE-2026-33032, affects Nginx UI, allowing unauthenticated attackers to access Model Context Protocol (MCP) servers and gain full control over managed Nginx web servers. With a CVSS score of 9.8, this flaw is being actively exploited in the wild, often chained with information leak vulnerability CVE-2026-27944. Default configurations exacerbate risk by permitting remote IP access to MCP functionality. Threat intelligence from Recorded Future and PurpleOps confirms active exploitation chains targeting these weaknesses. Organizations must urgently update Nginx UI to version 2.3.6 or later to remediate both vulnerabilities, as versioning discrepancies exist between vendor advisories and CVE records. Additionally, defenders should restrict network access to the Nginx UI management interface strictly to authorized personnel. Rapid7 has released detection checks for exposed systems. Immediate patching is essential to prevent unauthorized privileged operations and potential service compromise.

Summary

Overview

On March 30, 2026, a security advisory was published for a critical vulnerability affecting Nginx UI. Nginx UI is an open-source web interface that centralizes the management of Nginx configurations and SSL certificates. The critical vulnerability, CVE-2026-33032, was reported in early March by Pluto Security researcher Yotam Perkal and subsequently patched on March 15, 2026. That same day, Pluto Security published a technical blog post with some vulnerability details. CVE-2026-33032 is a missing authentication bug with a CVSS score of 9.8; because authentication controls are missing, an unauthenticated attacker who exploits CVE-2026-27944 to leak information can access a Model Context Protocol (MCP) server that can perform privileged operations on managed Nginx web servers. Systems are vulnerable in the default IP allowlist configuration, which allows any remote IP to access MCP functionality. Exploitation results in full attacker control of the managed Nginx service.

According to a Recorded Future report published on April 13, 2026, exploitation of CVE-2026-33032 in the wild has begun. A PurpleOps report published on April 16, 2026 associated exploitation of CVE-2026-33032 in the wild with the information leak vulnerability CVE-2026-27944, indicating that these two vulnerabilities are being exploited as a chain.

Mitigation guidance

Organizations running Nginx UI should prioritize updating on an urgent basis to remediate CVE-2026-33032. Additionally, to reduce exposure to future vulnerabilities affecting Nginx UI, defenders should ensure that network access to the Nginx UI management interface is strictly limited to those who must have it.

Affected versions

According to the finder's blog post, version 2.3.3 and prior are affected, and the fix is present in version 2.3.4 and later. However, the official CVE record states that versions 2.3.5 and below are affected. The information leak vulnerability being exploited in the wild alongside CVE-2026-33032, CVE-2026-27944, was patched in version 2.3.3. This discrepancy in affected version numbers introduces confusion as to the correct version required to remediate CVE-2026-33032. To avoid this version number discrepancy, users are advised to update to the very latest version (2.3.6). Please read the vendor advisory for the latest guidance.

Rapid7 customers

Exposure Command, InsightVM, and Nexpose

Exposure Command, InsightVM, and Nexpose customers can assess exposure to CVE-2026-33032 with unauthenticated checks available in the April 17 content release.

Updates

April 16, 2026: Initial publication.
April 17, 2026: Added additional details on exploitation workflow, vulnerable software versions, and product coverage.
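The affected-version discrepancy above is easy to get wrong when triaging an inventory by hand. The following is an added example, not code from Rapid7 or the Nginx UI project: it encodes the three version boundaries the advisory quotes (info leak fixed in 2.3.3, MCP fix at 2.3.4 per the finder, at 2.3.6 per the CVE record) and ranks hosts so that those still exposed to the full exploitation chain come first. The inventory and hostnames are constructed sample data.

```python
"""Triage Nginx UI versions against the affected-version claims in the advisory.
Added example; boundaries are taken from the advisory text, inventory is constructed."""
from typing import Iterable, List, Tuple

INFOLEAK_FIXED = (2, 3, 3)    # CVE-2026-27944 patched in 2.3.3
FINDER_FIXED = (2, 3, 4)      # finder's blog: 2.3.3 and prior affected by CVE-2026-33032
CVE_RECORD_FIXED = (2, 3, 6)  # CVE record: 2.3.5 and below affected by CVE-2026-33032
RECOMMENDED = (2, 3, 6)       # version the advisory tells users to move to

# Lower rank = more urgent. Only hosts at RECOMMENDED or later are "remediated".
STATUS_RANK = {
    "exposed: CVE-2026-27944 + CVE-2026-33032 chain": 0,
    "exposed: CVE-2026-33032 (info leak already fixed)": 1,
    "unsettled: fixed per finder (>=2.3.4), affected per CVE record (<=2.3.5)": 2,
    "remediated": 3,
}


def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn strings like 'v2.3.5', '2.3.5-1' or '2.3' into a comparable 3-tuple."""
    core = text.strip().lstrip("vV").split("-")[0].split("+")[0]
    parts = [int(p) for p in core.split(".") if p != ""]
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts += [0] * (3 - len(parts))
    return parts[0], parts[1], parts[2]


def status(version: str) -> str:
    """Classify one version against both affected-version claims."""
    v = parse_version(version)
    if v >= RECOMMENDED:
        return "remediated"
    if v < INFOLEAK_FIXED:
        return "exposed: CVE-2026-27944 + CVE-2026-33032 chain"
    if v < FINDER_FIXED:
        return "exposed: CVE-2026-33032 (info leak already fixed)"
    return "unsettled: fixed per finder (>=2.3.4), affected per CVE record (<=2.3.5)"


def hosts_needing_update(inventory: Iterable[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (host, version, status) for every host below RECOMMENDED, most urgent first."""
    rows = [(h, ver, status(ver)) for h, ver in inventory]
    todo = [r for r in rows if r[2] != "remediated"]
    return sorted(todo, key=lambda r: (STATUS_RANK[r[2]], r[0]))


if __name__ == "__main__":
    sample = [("web-01", "v2.3.2"), ("web-02", "2.3.6"), ("web-03", "2.3.4"), ("web-04", "2.3.3")]
    for row in hosts_needing_update(sample):
        print(*row, sep="\t")
```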


Linked Entities

  • CVE-2026-27944
  • CVE-2026-33032