Critical Nginx-ui MCP Flaw Actively Exploited in the Wild
ATT&CK techniques detected
T1190Exploit Public-Facing Application
93%
"critical nginx - ui mcp flaw actively exploited in the wild a critical authentication bypass in nginx - ui, a widely used open - source web interface for managing nginx servers, has been actively exploited in the wild. the vulnerability, tracked as cve - 2026 - 33032 with a cvss …"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1190Exploit Public-Facing Application
79%
"used for establishing connections, carries both ip whitelisting and authentication middleware. but / mcp _ message, the endpoint that processes every tool invocation including configuration writes and server restarts, shipped without the authentication check. that omission expose…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
Summary
Critical nginx-ui MCP authentication bypass CVE-2026-33032 actively exploited with CVSS 9.8