MCPwn: Critical nginx-ui Authentication Bypass Under Active Exploitation — Full Nginx Takeover Possible

Summary

A critical vulnerability in nginx-ui, the popular open-source web management interface for Nginx servers, is being actively exploited in the wild. Tracked as CVE-2026-33032 and dubbed “MCPwn” by Pluto Security, the flaw carries a CVSS score of 9.8 and enables unauthenticated attackers to take full control of the Nginx service.

The vulnerability resides in nginx-ui’s Model Context Protocol (MCP) integration. The /mcp_message endpoint — designed to handle powerful backend operations — ships with no authentication requirement and a default “allow-all” IP whitelist. This exposes 12 MCP tools to any remote attacker, including functions that can write and reload Nginx configuration files. Successful exploitation grants attackers the ability to intercept traffic, harvest credentials, maintain persistent access, and disable the service entirely.

Pluto Security responsibly disclosed the flaw in early March 2026, and nginx-ui maintainers released a patch in version 2.3.4 on March 15. Despite patch availability, threat intelligence firms VulnCheck and Recorded Future’s Insikt Group have confirmed ongoing exploitation by multiple cybercriminal groups. The flaw is also being chained with CVE-2026-27944, which allows unauthenticated downloading and decryption of server backups.

Source

BleepingComputer | The Hacker News | Rapid7 Emergency Threat Response

Commentary

This is a textbook case of “convenience tools becoming attack surface.” nginx-ui exists to make Nginx management easier, but bolting on an MCP integration without authentication turns a management convenience into a direct attack vector. The fact that it ships with allow-all defaults and exposes 12 powerful tools unauthenticated is a design failure, not just a bug.

If you run nginx-ui, update to 2.3.6 immediately. If you can’t patch, disable MCP entirely or restrict the whitelist to deny-all. The chaining with CVE-2026-27944 for backup theft makes this especially dangerous — attackers aren’t just hijacking your Nginx config, they’re exfiltrating your entire server state.
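To check whether an exposed instance was already reached before the patch or the deny-all whitelist went in, the access log is the first place to look. The following is an added example, not code from the advisory or from the nginx-ui project: a small Python triage script that parses nginx "combined" format access log lines, keeps only requests to the `/mcp_message` endpoint named above, and flags those that succeeded (status below 400) from a source address outside an operator-supplied allowlist. The log lines are constructed samples, the allowlist is whatever your own deployment permits (the recommended deny-all posture is the default here), and the output is a per-source count to triage rather than a verdict.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample lines in nginx "combined" log format; not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [16/Mar/2026:10:01:02 +0000] "POST /mcp_message HTTP/1.1" 200 512 "-" "python-requests/2.31"
10.0.0.5 - admin [16/Mar/2026:10:01:05 +0000] "GET /api/settings HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
203.0.113.7 - - [16/Mar/2026:10:01:09 +0000] "POST /mcp_message HTTP/1.1" 200 640 "-" "python-requests/2.31"
198.51.100.23 - - [16/Mar/2026:10:02:11 +0000] "POST /mcp_message HTTP/1.1" 401 0 "-" "curl/8.5.0"
10.0.0.5 - admin [16/Mar/2026:10:03:00 +0000] "POST /mcp_message HTTP/1.1" 200 300 "-" "Mozilla/5.0"
"""

# Endpoint named in the advisory; any query string is stripped before comparing.
MCP_ENDPOINT = "/mcp_message"

# Minimal "combined" format matcher: client IP, remote user, timestamp,
# request line (method, path, protocol) and the numeric status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


def parse_line(line):
    """Return a dict for one access log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def is_allowed(ip, networks):
    """True when the client address falls inside any allowlisted network."""
    addr = ip_address(ip)
    return any(addr in net for net in networks)


def find_mcp_hits(log_text, allowlist=()):
    """Collect every request to the MCP endpoint, annotated with whether the
    source address was inside the allowlist. An empty allowlist models the
    deny-all posture, so every source is treated as outside it."""
    networks = [ip_network(n) for n in allowlist]
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["path"].split("?", 1)[0] != MCP_ENDPOINT:
            continue
        rec["allowed"] = is_allowed(rec["ip"], networks)
        hits.append(rec)
    return hits


def summarize(hits):
    """Count successful (status < 400) MCP requests per non-allowlisted source.
    These are the entries to triage first, since a 2xx here means the
    endpoint accepted the call without any credential."""
    suspicious = [h for h in hits if h["status"] < 400 and not h["allowed"]]
    return Counter(h["ip"] for h in suspicious)


if __name__ == "__main__":
    # Example run with a hypothetical management network allowlisted.
    hits = find_mcp_hits(SAMPLE_LOG, allowlist=["10.0.0.0/8"])
    for ip, count in summarize(hits).most_common():
        print(f"{ip}: {count} successful /mcp_message request(s) from outside the allowlist")
```

Run it against your real access log by reading the file into `find_mcp_hits` in place of `SAMPLE_LOG`. Any successful hit from a source you do not recognise is a reason to treat the host's Nginx configuration and backups as compromised, given the config-write and backup-download capabilities described above, rather than just to block the address.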
