The vulnerability CVE-2026-33032 affects the nginx-ui web user interface for the Nginx web server, specifically versions 2.3.5 and prior. The issue lies in the Model Context Protocol (MCP) integration, which exposes two HTTP endpoints: /mcp and /mcp_message. While the /mcp endpoint correctly enforces both IP whitelisting and authentication via the AuthRequired() middleware, the /mcp_message endpoint only applies IP whitelisting. Critically, the default IP whitelist is empty, which the middleware interprets as allowing all IP addresses. This misconfiguration results in a missing authentication control (CWE-306) on a critical function. Consequently, any attacker with network access to the nginx-ui interface can invoke MCP tools without authentication. These tools allow restarting the nginx service, creating, modifying, or deleting nginx configuration files, and triggering automatic configuration reloads. This grants attackers complete takeover of the nginx service, compromising confidentiality, integrity, and availability. The vulnerability is remotely exploitable without any privileges or user interaction, reflected in its CVSS 3.1 score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). At the time of disclosure, no patches or mitigations have been published by the vendor 0xJacky, increasing the urgency for defensive measures.

The impact of CVE-2026-33032 is severe for organizations deploying nginx-ui versions 2.3.5 or earlier, especially in environments where the management interface is accessible over untrusted or public networks. Exploitation allows attackers to fully compromise the nginx service, leading to potential service disruption, unauthorized configuration changes, and persistent backdoors. This can result in data breaches, service outages, and loss of trust. Since nginx is widely used as a web server and reverse proxy, the vulnerability could affect a broad range of industries including finance, healthcare, government, and e-commerce. The ability to restart the service and modify configurations without authentication also opens avenues for lateral movement and further network compromise. The absence of patches and the ease of exploitation exacerbate the risk, making this a critical threat to global organizations relying on nginx-ui for server management.

Until an official patch is released, organizations should implement strict network-level access controls to restrict access to the nginx-ui management interface, especially the /mcp_message endpoint. This includes configuring firewalls or network ACLs to allow only trusted IP addresses to connect. If possible, disable or block the /mcp_message endpoint entirely to prevent unauthorized use of MCP tools. Employ network segmentation to isolate management interfaces from general user networks and the internet. Monitor logs and network traffic for unusual requests to /mcp_message or unexpected nginx restarts and configuration changes. Consider deploying Web Application Firewalls (WAFs) with custom rules to detect and block exploitation attempts. Regularly audit nginx-ui versions in use and plan for rapid upgrade or patch deployment once available. Additionally, enforce strong authentication and multi-factor authentication on all management interfaces to reduce risk from other potential vulnerabilities.