nginx-ui CVE-2026-33032 (CVSS 9.8) Actively Exploited: Missing MCP Auth on /mcp_message Exposes 2,600+ Nginx Instances to Full Takeover
Rapid7·medium signal
The /mcp_message endpoint in nginx-ui lacks authentication middleware — only checks IP whitelist, and empty whitelist means 'allow all.' Exposes 12 MCP tools including config writes with automatic nginx reload. Fixed in v2.3.4 with one line adding AuthRequired() middleware. Active exploitation confirmed in the wild against 2,600+ exposed instances. PoC publicly available.