CVE-2026-33032 - Critical Nginx UI Authentication Flaw

A critical vulnerability in Nginx UI (CVE-2026-33032) is actively being exploited, requiring immediate updates to protect against unauthorized access.


Original Reporting

Rapid7 Blog · Rapid7

AI Summary

CyberPings AI · Reviewed by Rohit Rana

There's a serious security hole in the Nginx UI that lets bad guys sneak in and take control. If you use this software, you need to update it right away to keep your stuff safe!

The Flaw

On March 30, 2026, a security advisory was published for a critical vulnerability in Nginx UI, an open-source web interface for managing Nginx configurations and SSL certificates, tracked as CVE-2026-33032. The vulnerability, reported by Pluto Security researcher Yotam Perkal, is classified as a missing-authentication bug with a CVSS score of 9.8. It allows unauthenticated attackers to exploit CVE-2026-27944 to leak information and gain access to a Model Context Protocol (MCP) server, enabling them to perform privileged operations on managed Nginx web servers.

What's at Risk

The vulnerability primarily affects systems with the default IP allowlist configuration, which permits any remote IP to access MCP functionality. Successful exploitation can lead to full control of the managed Nginx service. As of April 10, 2026, Nginx UI has confirmed that CVE-2026-33032 is being actively exploited in the wild, according to their security advisory (AV26-360).

Patch Status

The vulnerability was patched on March 15, 2026, but there is confusion about which versions are affected. The finder's blog post indicates that version 2.3.3 and prior are vulnerable, while the official CVE record states that versions 2.3.5 and below are affected. Given this discrepancy, users are strongly advised to update to the latest version, 2.3.6.

Immediate Actions

Organizations running Nginx UI should prioritize updating their systems urgently to remediate CVE-2026-33032. Additionally, to minimize exposure to future vulnerabilities, it is crucial to restrict network access to the Nginx UI management interface only to necessary personnel. Users should also monitor for any signs of exploitation and ensure that they have applied the latest patches as soon as they become available.
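The access restriction recommended above can be enforced at the network edge independently of Nginx UI's own IP allowlist, by placing the management interface behind an nginx reverse proxy that only admits an administrative subnet. The configuration below is an added example and is not taken from the advisory or from the Nginx UI project; the backend port (9000), the hostname, the certificate paths and the admin subnet (10.20.0.0/24) are placeholders you would replace with your own values. The first server block shows the weak shape (reachable from any source address) only for contrast; deploy the second one, not both.

```nginx
# Weak: the management interface is reachable from any source address.
# Shown only for contrast; do not deploy alongside the hardened block below.
# server {
#     listen 443 ssl;
#     server_name nginx-ui.example.internal;   # placeholder hostname
#     location / {
#         proxy_pass http://127.0.0.1:9000;    # assumed Nginx UI backend port
#     }
# }

# Hardened: deny everything except the admin subnet before proxying.
server {
    listen 443 ssl;
    server_name nginx-ui.example.internal;                # placeholder hostname
    ssl_certificate     /etc/ssl/private/nginx-ui.crt;    # placeholder path
    ssl_certificate_key /etc/ssl/private/nginx-ui.key;    # placeholder path

    # ngx_http_access_module checks rules in order and the first match wins,
    # so the catch-all deny must come last.
    allow 10.20.0.0/24;   # placeholder admin subnet
    deny  all;

    location / {
        proxy_pass http://127.0.0.1:9000;   # assumed Nginx UI backend port
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # The UI uses WebSockets for live views; keep the upgrade headers.
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
```

Bind the Nginx UI process itself to the loopback address so that the proxy is the only path to it; otherwise the allow/deny rules can be bypassed by connecting to the backend port directly. A request from outside the admin subnet receives a 403 from nginx and never reaches the application, which also gives you a single access log to watch for probing of the management interface.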

Additional Recommendations

The Cyber Centre has echoed these concerns, urging users and administrators to review the provided web links and apply necessary updates promptly. This highlights the importance of staying informed and proactive about security vulnerabilities in critical systems.

Pro Insight

With the confirmation of active exploitation, organizations must act swiftly to patch their systems and limit access to mitigate potential risks.

Story Timeline

Story broke by Rapid7 Blog

Covered by Dark Reading

Covered by Canadian Cyber Centre Alerts

Source Perspective Analysis

Technical Focus

"The Nginx UI security advisory emphasizes the critical nature of the vulnerability and the need for immediate updates to prevent exploitation."

Source: Nginx UI Security Advisory

Business Impact Focus

"With active exploitation confirmed, businesses must prioritize security updates to protect their infrastructure and data integrity."

Source: Rapid7

Policy Focus

"The Cyber Centre's advisory highlights the broader implications of the vulnerability, urging organizations to adopt stringent security measures."

Source: Cyber Centre
