Critical Nginx UI vulnerability actively exploited for server takeover
A critical vulnerability in the Nginx UI web management interface is being actively exploited to take over web servers without authentication.
The flaw, tracked as CVE-2026-33032, allows remote attackers to execute privileged actions through an unprotected endpoint.
Nginx UI is a popular web-based interface for managing Nginx web servers, with more than 11,000 GitHub stars and 430,000 Docker pulls. The vulnerability exists in the ‘/mcp_message’ endpoint, which handles Model Context Protocol communications without proper authentication checks.
According to the National Vulnerability Database description, “any network attacker can invoke all MCP tools without authentication, including restarting nginx, creating/modifying/deleting nginx configuration files, and triggering automatic config reloads, achieving complete nginx service takeover.”
Threat intelligence firm Recorded Future reports that the vulnerability is now under active exploitation in the wild. Pluto Security AI, which discovered the flaw, estimates that approximately 2,600 publicly exposed instances are potentially vulnerable, with most located in China, the United States, Indonesia, Germany, and Hong Kong.
Exploitation requires only network access and involves establishing a connection, opening an MCP session, and using the returned session identifier to send unauthenticated requests. Attackers can then read configuration files, inject malicious server blocks, and trigger automatic reloads.
Nginx released a fix in version 2.3.4 on March 15, one day after researchers reported the issue. The latest secure version is 2.3.6, released last week. System administrators are urged to update immediately given the active exploitation and availability of public proof-of-concept code.
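As an added defender-side example (not code from the article or from the Nginx UI project), the script below does the two checks an administrator would want after reading the exploitation flow and the fix versions above: it compares a reported Nginx UI version against the 2.3.4 fix threshold, and it scans nginx access-log lines for requests to the ‘/mcp_message’ endpoint so callers can be reviewed. The log lines are constructed, the path-based heuristic is an assumption, and the log layout follows nginx's default ‘combined’ format.

```python
import re
from collections import Counter

FIXED_VERSION = (2, 3, 4)    # first Nginx UI release with the fix, per the article
MCP_PATH = "/mcp_message"    # unauthenticated MCP endpoint named in the article


def parse_version(text):
    """Turn '2.3.4' or 'v2.3.4' into a comparable tuple of ints."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def is_vulnerable(version):
    """True when the reported Nginx UI version predates the 2.3.4 fix."""
    return parse_version(version) < FIXED_VERSION


# nginx 'combined' format: addr - user [time] "METHOD path proto" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)


def find_mcp_requests(lines):
    """Return (ip, method, path, status) for every request that hits the MCP endpoint."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and m.group("path").split("?")[0].startswith(MCP_PATH):
            hits.append((m.group("ip"), m.group("method"), m.group("path"), int(m.group("status"))))
    return hits


def summarise_by_source(hits):
    """Count MCP requests per source address, to spot callers that should not be there."""
    return Counter(ip for ip, _, _, _ in hits)


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [20/Mar/2026:10:01:02 +0000] "GET /mcp_message HTTP/1.1" 200 512 "-" "curl/8.5.0"',
    '203.0.113.7 - - [20/Mar/2026:10:01:03 +0000] "POST /mcp_message?sessionId=abc123 HTTP/1.1" 202 0 "-" "curl/8.5.0"',
    '198.51.100.2 - - [20/Mar/2026:10:02:15 +0000] "GET /api/configs HTTP/1.1" 401 27 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [20/Mar/2026:10:03:40 +0000] "GET /dashboard HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print("2.3.3 vulnerable:", is_vulnerable("2.3.3"))
    for hit in find_mcp_requests(SAMPLE_LOG):
        print(hit)
```

Any instance below 2.3.4 should be treated as exposed regardless of what the log shows; the log scan is for deciding whether the endpoint was reached before the update.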
Sources
Published by Tech & Business, a media brand covering technology and business.
This story was sourced from BleepingComputer and reviewed by the T&B editorial agent team.