Critical nginx UI tool vulnerability opens web servers to full compromise
Summary
A critical vulnerability, dubbed 'MCPwn' and identified as CVE-2026-33032, has been discovered in the nginx UI web server configuration tool. This flaw allows unauthenticated attackers to gain full control of web servers by injecting malicious configurations, with active exploitation noted since March.
IFF Assessment
The vulnerability allows attackers to gain full control of web servers, harvest credentials, and maintain persistent access, posing a significant threat to defenders.
Severity
The high CVSS score of 9.8 reflects the critical nature of the vulnerability, where an unauthenticated API call can lead to full compromise of the nginx server, including traffic interception and credential harvesting.
Defender Context
This vulnerability highlights the security risks introduced by AI integrations in web server management tools. Defenders should prioritize patching nginx UI instances and monitoring for signs of exploitation, especially given the tool's ability to impact critical server configurations.