
CVE-2026-33032: severe nginx-ui bug grants unauthenticated server access


An actively exploited critical nginx-ui flaw (CVE-2026-33032) lets attackers bypass authentication and take full control of Nginx servers.

A critical vulnerability in nginx-ui, tracked as CVE-2026-33032 (CVSS score of 9.8), is being actively exploited, allowing attackers to bypass authentication and fully take over Nginx servers. The issue stems from improper protection of the /mcp_message endpoint, which relies only on IP whitelisting. Since the default whitelist allows all, attackers can access the service without authentication and gain control.

“The nginx-ui MCP (Model Context Protocol) integration exposes two HTTP endpoints: /mcp and /mcp_message. While /mcp requires both IP whitelisting and authentication (AuthRequired() middleware), the /mcp_message endpoint only applies IP whitelisting – and the default IP whitelist is empty, which the middleware treats as ‘allow all’.” reads the advisory. “This means any network attacker can invoke all MCP tools without authentication, including restarting nginx, creating/modifying/deleting nginx configuration files, and triggering automatic config reloads – achieving complete nginx service takeover.”

Yotam Perkal of Pluto Security discovered the nginx-ui flaw. The researcher pointed out that it can be exploited in seconds using just two HTTP requests.

“The attack flow: step 1 authenticates to get a session, step 2 uses that session to invoke destructive tools with zero authentication.” wrote Perkal. An attacker on the same network as the nginx-ui instance needs just two requests:

  • GET /mcp?node_secret=xxx – Establish an SSE session, get a sessionId
  • POST /mcp_message?sessionId=xxx – Invoke any tool. No node_secret. No JWT. No cookies. Nothing.

A single unauthenticated request can let attackers fully compromise nginx-ui. They can intercept all traffic by redirecting it through malicious servers, capture admin credentials via manipulated logs, and gain persistent access by stealing tokens and secrets. Attackers can also map the entire infrastructure by reading configs and even shut down services by pushing invalid configurations.

The flaw was fixed in nginx-ui version 2.3.4 by adding a missing authentication check to the /mcp_message endpoint, just one line of code. The update also introduced a regression test to ensure both endpoints require authentication, which would have prevented the issue. Notably, some version trackers are incorrect: v2.3.3 is the last vulnerable release, while v2.3.4 includes the fix.
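To make the middleware gap described in the advisory and the one-line fix concrete, here is an added Go example that is not nginx-ui's own code: the net/http handlers, the `AuthRequired()`-style bearer check and the secret value are hypothetical stand-ins, and it wires /mcp_message first with only an IP whitelist whose empty default admits everyone, then with the authentication check added in front of the tool handler.

```go
package main

import (
	"net"
	"net/http"
	"net/http/httptest"
)

const demoSecret = "constructed-demo-secret" // placeholder, not a real credential
// ipWhitelist admits listed source IPs; as in the advisory, an empty list means "allow all".
func ipWhitelist(allow []string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		host, _, _ := net.SplitHostPort(r.RemoteAddr)
		ok := len(allow) == 0 // the fail-open default: nobody is filtered
		for _, ip := range allow {
			ok = ok || ip == host
		}
		if !ok {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// authRequired stands in for an AuthRequired()-style middleware (hypothetical bearer check).
func authRequired(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Header.Get("Authorization") != "Bearer "+demoSecret {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}
// tool stands in for a privileged MCP tool call such as a config reload.
var tool = http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) })
// /mcp_message before the fix (whitelist only) and after (whitelist plus auth check).
func vulnerableEndpoint() http.Handler { return ipWhitelist(nil, tool) }
func fixedEndpoint() http.Handler      { return ipWhitelist(nil, authRequired(tool)) }

// status replays one request in-process (httptest, no network) and returns the HTTP code.
func status(h http.Handler, remoteAddr, token string) int {
	req := httptest.NewRequest(http.MethodPost, "/mcp_message?sessionId=demo", nil)
	req.RemoteAddr = remoteAddr
	req.Header.Set("Authorization", "Bearer "+token) // empty token = no valid credential
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}
```

The regression test the patch introduced amounts to the same assertion: both MCP endpoints must return a non-200 status for a request that carries no credential.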


Pierluigi Paganini

(SecurityAffairs – hacking, nginx)