Canadian Cyber Security Journal
Filed under: TechTalk

nginx-ui CVE-2026-33032: CVSS 9.8 Auth Bypass Under Active Exploitation Gives Attackers Full Server Control

What Happened

Researchers at Pluto Security disclosed CVE-2026-33032, a critical authentication bypass vulnerability in nginx-ui — an open-source, web-based management interface for the Nginx web server. The flaw, dubbed MCPwn, carries a CVSS score of 9.8. Active exploitation was confirmed in the wild by April 15, 2026, with exploitation activity observed as far back as March 2026.

The vulnerability exists in the /mcp_message endpoint. The endpoint gates access with an IP whitelist, but the whitelist is empty by default and an empty list is treated as "allow all" rather than "deny all", so in a default installation the restriction does nothing. Any unauthenticated attacker who can reach the endpoint over the network can therefore invoke the full set of MCP tool functions without any credential check. Using just two HTTP requests, an attacker can restart the Nginx service; create, modify, or delete Nginx configuration files; and trigger automatic configuration reloads, giving them effective control over every site and application the Nginx instance serves.
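The fail-open pattern described above, as an added illustration in Go (nginx-ui's implementation language). This is not nginx-ui's own code and the function names, the allow-list format and the sample addresses are assumptions: the point is the difference between treating an empty allow-list as "no restriction" and treating it as "deny", and that an IP list is not a substitute for authentication.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// Illustrative allow-list logic, not nginx-ui's own code. The page describes the
// vulnerable endpoint as applying an IP whitelist whose default is empty and
// treating that empty list as "allow all". vulnerableAllowed shows that fail-open
// pattern; hardenedAllowed shows the fail-closed form.

// parseAllowList turns entries such as "10.0.0.0/8" or "192.0.2.7" into networks;
// bare addresses become /32 or /128. Malformed entries are reported rather than
// silently skipped, so a typo cannot quietly widen access.
func parseAllowList(entries []string) ([]*net.IPNet, error) {
	var nets []*net.IPNet
	for _, e := range entries {
		e = strings.TrimSpace(e)
		if e == "" {
			continue
		}
		if _, n, err := net.ParseCIDR(e); err == nil {
			nets = append(nets, n)
			continue
		}
		ip := net.ParseIP(e)
		if ip == nil {
			return nil, fmt.Errorf("bad allow-list entry %q", e)
		}
		bits := 32
		if ip.To4() == nil {
			bits = 128
		}
		nets = append(nets, &net.IPNet{IP: ip, Mask: net.CIDRMask(bits, bits)})
	}
	return nets, nil
}

// ipInList reports whether client falls inside any configured network.
func ipInList(client string, nets []*net.IPNet) bool {
	ip := net.ParseIP(client)
	if ip == nil {
		return false
	}
	for _, n := range nets {
		if n.Contains(ip) {
			return true
		}
	}
	return false
}

// vulnerableAllowed mirrors the fail-open behaviour the page describes: an empty
// (or unparsable) list is read as "no restriction configured", so every caller
// passes, and nothing else checks credentials.
func vulnerableAllowed(client string, entries []string) bool {
	nets, err := parseAllowList(entries)
	if err != nil || len(nets) == 0 {
		return true // empty list == allow all: this is the bug
	}
	return ipInList(client, nets)
}

// hardenedAllowed fails closed: an empty or malformed list denies everyone, and a
// listed source still needs an authenticated session. The IP list is defence in
// depth; the session check is the actual authentication.
func hardenedAllowed(client string, entries []string, authenticated bool) bool {
	if !authenticated {
		return false
	}
	nets, err := parseAllowList(entries)
	if err != nil || len(nets) == 0 {
		return false
	}
	return ipInList(client, nets)
}

func main() {
	attacker := "198.51.100.23" // constructed sample address
	fmt.Println("vulnerable, empty list:", vulnerableAllowed(attacker, nil))
	fmt.Println("hardened, empty list:  ", hardenedAllowed(attacker, nil, false))
	fmt.Println("hardened, listed+auth: ", hardenedAllowed("10.1.2.3", []string{"10.0.0.0/8"}, true))
}
```

The check runs on the address the server sees. If the management interface sits behind a reverse proxy or load balancer, that address is the proxy's, so an IP allow-list there passes or blocks the proxy, not the real client.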

Pluto Security found approximately 2,689 publicly exposed nginx-ui instances on Shodan at the time of disclosure. The majority are hosted in China, the United States, Indonesia, Germany, and Hong Kong. The fix is available in nginx-ui version 2.3.4, which adds a missing authentication check to the vulnerable endpoint.

Why This Matters for Canadian Organizations

Nginx is one of the most widely deployed web servers globally, and nginx-ui is a popular management tool used by developers, DevOps teams, hosting providers, and managed service providers to configure and monitor Nginx without command-line access. In the Canadian context, nginx-ui is used by web development shops, cloud-hosted application teams, managed hosting providers, and small-to-medium businesses running self-managed Linux servers.

The severity of this flaw is compounded by how it works in practice. An attacker who compromises an nginx-ui instance controls the web server's configuration files, which means they can redirect traffic, inject content into served pages, tamper with TLS termination, or expose internal services. For Canadian companies running e-commerce sites, web applications, or any customer-facing digital services on nginx-managed servers, a compromise creates direct exposure to customer data theft, malicious content injection, and PIPEDA breach notification obligations.

DevOps teams running nginx-ui in cloud environments — including AWS, Azure, and Google Cloud deployments popular with Canadian tech companies and startups — face an especially high risk if management interfaces are exposed to the internet without strong access controls. The fact that exploitation requires no credentials lowers the bar for opportunistic attackers scanning for exposed infrastructure.

What to Do

Upgrade nginx-ui to version 2.3.4 or later immediately. If an immediate upgrade is not possible, disable MCP functionality in nginx-ui's configuration and restrict network access to the management interface using firewall rules; the interface should never be exposed directly to the internet. Audit your nginx-ui logs for requests to the /mcp_message endpoint, and treat any hits from unexpected IP addresses as indicators of compromise. Because exploitation has been observed since March 2026, look back at least that far, and review the Nginx configuration itself for server blocks, proxy_pass targets, or include directives you did not add. If you are a managed service provider or hosting company running nginx-ui on behalf of clients, treat this as an emergency update and notify affected clients. Check your exposure on Shodan or similar tools by searching for nginx-ui management interfaces bound to public IP addresses.
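The log audit described above, as an added triage example (not nginx-ui's own tooling). It assumes the standard Nginx "combined" access-log layout for a reverse proxy sitting in front of the management interface; nginx-ui's own log format may differ, so adjust the regular expression to match what you actually have. The log lines and the expected-address set are constructed for the example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Constructed sample log in Nginx "combined" format. Two requests from
// 198.51.100.23 a couple of seconds apart match the two-request pattern the
// article describes; the 10.0.5.12 entry is an administrator.
const sampleLog = `10.0.5.12 - - [14/Apr/2026:09:12:01 +0000] "GET /api/settings HTTP/1.1" 200 812 "-" "Mozilla/5.0"
198.51.100.23 - - [14/Apr/2026:09:13:44 +0000] "POST /mcp_message HTTP/1.1" 200 1543 "-" "python-requests/2.31"
10.0.5.12 - - [14/Apr/2026:09:14:02 +0000] "POST /mcp_message HTTP/1.1" 200 420 "-" "Mozilla/5.0"
198.51.100.23 - - [14/Apr/2026:09:13:46 +0000] "POST /mcp_message HTTP/1.1" 200 97 "-" "python-requests/2.31"
203.0.113.9 - - [14/Apr/2026:11:02:10 +0000] "GET /mcp_message?x=1 HTTP/1.1" 401 0 "-" "curl/8.5"
`

// logLine captures the combined-format fields needed here:
// client address, timestamp, method, request path and status code.
var logLine = regexp.MustCompile(`^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})`)

// Hit is one /mcp_message request from an address outside the expected set.
type Hit struct {
	IP, Time, Method, Path, Status string
}

// findMCPHits returns every request whose path is /mcp_message (query string
// ignored) from an address not in expected. The status code is kept so a
// reviewer can tell an accepted request from one that was rejected.
func findMCPHits(log string, expected map[string]bool) []Hit {
	var hits []Hit
	for _, line := range strings.Split(log, "\n") {
		m := logLine.FindStringSubmatch(line)
		if m == nil {
			continue
		}
		path := m[4]
		if i := strings.IndexByte(path, '?'); i >= 0 {
			path = path[:i]
		}
		if path != "/mcp_message" || expected[m[1]] {
			continue
		}
		hits = append(hits, Hit{IP: m[1], Time: m[2], Method: m[3], Path: m[4], Status: m[5]})
	}
	return hits
}

// countByIP groups hits per source address so repeat callers stand out.
func countByIP(hits []Hit) map[string]int {
	counts := map[string]int{}
	for _, h := range hits {
		counts[h.IP]++
	}
	return counts
}

func main() {
	// Constructed: the addresses you expect to administer the box from.
	expected := map[string]bool{"10.0.5.12": true}
	hits := findMCPHits(sampleLog, expected)
	for _, h := range hits {
		fmt.Printf("%s %s %s %s -> %s\n", h.Time, h.IP, h.Method, h.Path, h.Status)
	}
	for ip, n := range countByIP(hits) {
		fmt.Printf("%s: %d /mcp_message request(s)\n", ip, n)
	}
}
```

Run it against the real access log instead of sampleLog and replace the expected set with your administrators' addresses. If nginx-ui is reached through a proxy, the first field of the combined format is the proxy's address, so log and filter on the forwarded client address instead, or every hit will appear to come from the proxy.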

Source: The Hacker News | BleepingComputer
