nginx-ui Unauthenticated Takeover Vulnerability Actively Exploited (CVE-2026-33032)

Filip Dimitrov

April 16, 2026

CVE-2026-33032 is a critical authentication bypass vulnerability affecting nginx-ui (≤ 2.3.5). The issue arises from inconsistent security controls applied to MCP endpoints: while the /mcp endpoint enforces both IP allowlisting and authentication, the /mcp_message endpoint only enforces IP allowlisting. By default, this allowlist is empty and treated as permissive, effectively allowing unrestricted access.

Both endpoints route to the same backend handler responsible for executing MCP tool commands. As a result, unauthenticated attackers can invoke privileged operations, including modifying nginx configuration files, creating new configurations, and triggering immediate service reloads.
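To make the inconsistent middleware chain concrete, the following is a simplified Go model written for this post, not nginx-ui's own code; the function names, the CIDR-only allowlist format and the `authed` flag are assumptions. `vulnerableGate` reproduces the behaviour described above (allowlist plus authentication on /mcp, allowlist only on /mcp_message, empty allowlist treated as permissive), while `hardenedGate` applies a fail-closed allowlist and authentication to every route into the shared handler.

```go
package main

import (
	"fmt"
	"net"
)

// allowedFailClosed admits a client only if it falls inside an allowlist CIDR
// (write a single host as /32); an empty or malformed allowlist admits nobody.
func allowedFailClosed(allow []string, ip string) bool {
	client := net.ParseIP(ip)
	if client == nil {
		return false
	}
	for _, entry := range allow {
		if _, cidr, err := net.ParseCIDR(entry); err == nil && cidr.Contains(client) {
			return true
		}
	}
	return false
}

// allowedEmptyMeansAll models the permissive default: empty list passes everyone.
func allowedEmptyMeansAll(allow []string, ip string) bool {
	return len(allow) == 0 || allowedFailClosed(allow, ip)
}

// vulnerableGate: /mcp checks allowlist and auth, /mcp_message allowlist only.
func vulnerableGate(allow []string, path, ip string, authed bool) bool {
	switch path {
	case "/mcp":
		return allowedEmptyMeansAll(allow, ip) && authed
	case "/mcp_message":
		return allowedEmptyMeansAll(allow, ip)
	}
	return false
}

// hardenedGate: one chain (fail-closed allowlist, then auth) for every route.
func hardenedGate(allow []string, path, ip string, authed bool) bool {
	if path != "/mcp" && path != "/mcp_message" {
		return false
	}
	return allowedFailClosed(allow, ip) && authed
}

func main() {
	// Constructed scanner address, no credentials, default (empty) allowlist.
	fmt.Println("vulnerable admits:", vulnerableGate(nil, "/mcp_message", "203.0.113.7", false)) // true
	fmt.Println("hardened admits:", hardenedGate(nil, "/mcp_message", "203.0.113.7", false))     // false
}
```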

This enables full compromise of the nginx service, including:

  • Interception and redirection of user traffic
  • Exposure of sensitive data in transit
  • Persistent backdoor configuration via malicious server blocks
  • Service disruption through invalid configuration injection

The vulnerability is exploitable over the network with no authentication or user interaction required.

Observed Threat Activity

Active scanning and exploitation attempts targeting nginx infrastructure have been observed, particularly focusing on exposed management interfaces. Attackers are probing for endpoints such as /mcp and /mcp_message, which are associated with the vulnerable Model Context Protocol (MCP) functionality.

Analysis of web traffic telemetry indicates ongoing automated reconnaissance from cloud-hosted infrastructure (e.g., AWS, OVH, DigitalOcean), consistent with opportunistic mass scanning. These activities are indicative of early-stage exploitation attempts aimed at identifying exposed nginx-ui instances.

Impact Assessment

The impact of this vulnerability is critical, particularly for internet-facing environments.

An unauthenticated attacker can achieve full control over the nginx service by modifying configurations, enabling traffic interception through malicious proxying and exposure of sensitive data such as credentials and session tokens.

At the same time, attackers can disrupt operations by pushing invalid configurations that take services offline, while also gaining visibility into backend infrastructure through accessible configuration files.

Any exposed nginx-ui instance should therefore be considered high risk, especially if management interfaces are accessible from the internet.

Recommended Actions

  • Identify all instances of nginx-ui within your environment
  • Immediately restrict access to nginx-ui management interfaces (e.g., VPN, IP allowlisting)
  • Monitor for unexpected configuration changes or nginx reload activity
  • Apply vendor patches or mitigations as soon as they become available
  • Treat exposed instances as potentially compromised and perform a full investigation if suspicious activity is observed

Stay Safe. Stay Secure.

OP Innovate Research Team
