Critical nginx-ui Flaw Under Active Attack


A critical security vulnerability affecting nginx-ui, an open-source web-based management interface for Nginx servers, is currently being exploited by threat actors in active attacks. The flaw, tracked as CVE-2026-33032, carries a CVSS severity score of 9.8, indicating a severe risk to affected deployments worldwide.

The vulnerability is an authentication bypass that grants attackers unauthorized access to Nginx management capabilities. Once it is exploited, threat actors can take complete control of the underlying Nginx service, potentially exposing sensitive configurations, intercepting traffic, or redirecting requests to malicious endpoints. The security community has assigned it the codename MCPwn, with initial discovery attributed to Pluto Security researchers.

nginx-ui serves as a convenient administrative tool for managing Nginx web servers through a graphical interface, making it particularly attractive for system administrators looking to streamline configuration tasks. However, the authentication bypass flaw circumvents the intended access controls, allowing unauthenticated users to perform privileged operations without valid credentials.

The active exploitation in the wild underscores the immediate threat posed by this vulnerability. Organizations operating nginx-ui installations should treat this as a priority security concern and apply patches as soon as they become available. Until patches are released, administrators should consider isolating affected systems from untrusted networks or disabling the interface if it is not actively required.

This incident highlights the importance of regular security audits for open-source infrastructure tools. While these projects provide substantial value to the community, vulnerabilities in widely deployed administrative interfaces can have cascading security implications across the many organizations and services that rely on them.

Editorial note: This article represents original analysis and commentary by the TechDailyPulse editorial team.