CRITICAL🇵🇱 Wersja polska

CVE-2026-33032

CVSS 9.8v3.1pub. 2026-03-30upd. 2026-04-16

Nginx UI is a web user interface for the Nginx web server. In versions 2.3.5 and prior, the nginx-ui MCP (Model Context Protocol) integration exposes two HTTP endpoints: /mcp and /mcp_message. While /mcp requires both IP whitelisting and authentication (AuthRequired() middleware), the /mcp_message endpoint only applies IP whitelisting - and the default IP whitelist is empty, which the middleware treats as "allow all". This means any network attacker can invoke all MCP tools without authentication, including restarting nginx, creating/modifying/deleting nginx configuration files, and triggering automatic config reloads - achieving complete nginx service takeover. At time of publication, there are no publicly available patches.

🤖 AI Analysis
How it works

The MCP (Model Context Protocol) integration in Nginx UI exposes two HTTP endpoints: /mcp and /mcp_message. The /mcp endpoint requires both IP whitelisting and authentication (AuthRequired() middleware), while /mcp_message applies only IP whitelisting. Since the default list of allowed IP addresses is empty, the middleware treats this state as 'allow all'. As a result, any network attacker can call all MCP tools without authentication, including restarting Nginx, creating, modifying and deleting configuration files, and forcing their reload.

Impact

An attacker without any privileges can completely take over the Nginx service — modify its configuration, destroy configuration files or cause service unavailability (DoS). Manipulation of network traffic handled by the Nginx server is also possible.

Mitigation & patch

At the time of CVE publication there are no publicly available patches. You should monitor the vendor's repository at https://github.com/0xJacky/nginx-ui and apply available updates immediately upon release. Until a patch becomes available, it is recommended to restrict network access to the /mcp and /mcp_message endpoints using external access control mechanisms (e.g., firewall, reverse proxy with enforced authentication) or disable MCP integration if not required.

Who is affected

Nginx UI versions 2.3.5 and earlier with MCP integration enabled

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Nginxui nginx Ui

    APP
    Nginxui
    ≤ 2.3.5
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-42238CRITICAL9.0PL ✓ten sam produkt

Nginx UI: nieuwierzytelnione RCE przez endpoint przywracania kopii zapasowej

CVE-2026-33026CRITICAL9.4PL ✓ten sam produkt

Nginx UI: manipulacja zaszyfrowanymi kopiami zapasowymi i wstrzyknięcie konfiguracji

CVE-2026-27944CRITICAL9.8PL ✓ten sam produkt

Nginx UI: nieuwierzytelniony dostęp do backupu z ujawnieniem kluczy szyfrowania

CVE-2024-23827CRITICAL9.8PL ✓ten sam produkt

Nginx-UI: path traversal w imporcie certyfikatów umożliwia RCE

CVE-2026-44015HIGH8.5ten sam produkt

Nginx UI is a web user interface for the Nginx web server. In 2.3.4 and earlier, an authenticated user can per...