The Hacker News

Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover

CVE-2026-33032 exposes nginx-ui to unauthenticated takeover via MCP endpoint, impacting 2,600+ instances with active ...

Critical Nginx UI auth bypass flaw now actively exploited in the wild

A critical vulnerability in Nginx UI with Model Context Protocol (MCP) support is now being exploited in the wild for full ...
Infosecurity Magazine

Critical Nginx-ui MCP Flaw Actively Exploited in the Wild

A critical authentication bypass in nginx-ui, a widely used open-source web interface for managing nginx servers, has been ...
ZDNet

Nginx adds OAuth 2 authentication, other tools to its application delivery platform

Nginx on Tuesday released its latest product offering, the Plus R8, which includes an initial release of OAuth 2-based authentication. Nginx CEO Gus Robertson said that many of today's most popular ...
CSO Online

Critical nginx UI tool vulnerability opens web servers to full compromise

The vulnerability, with a CVSS score of 9.8, relates to the software’s support for Model Context Protocol (MCP) servers, ...
Dark Reading

Critical MCP Integration Flaw Puts NGINX at Risk

Attackers can abuse the near-maximum severity flaw in nginx-ui to restart, create, modify, and delete NGINX configuration ...
Cyber Daily

Update now: Active exploitation of Nginx UI vulnerability CVE-2026-33032 underway

“CVE-2026-33032 is a missing authentication bug with a CVSS score of 9.8; as a result of missing authentication controls, an ...
InfoWorld

Nginx Web server upgrade focuses on HTTP/2, authentication

Nginx is upgrading the commercially supported version of its popular Web server, fitting it with new HTTP/2, authentication, and caching capabilities. Nginx Plus Release 8, being unveiled today, backs ...

Patch now! Attackers take control of Nginx servers

Attackers are currently exploiting a critical security vulnerability in Nginx. Instances in Germany are also threatened.