Critical Nginx-UI Vulnerability Actively Exploited

📌 A critical security flaw in nginx-ui, an open-source web-based Nginx management tool, has been actively exploited in the wild. The vulnerability, tracked as CVE-2026-33032 with a CVSS score of 9.8, is an authentication bypass issue allowing threat actors to take full control of the Nginx service. Security firm Pluto Security has designated the flaw as "MCPwn." No specific dates for disclosure or exploitation were provided, but the vulnerability is currently under active attack. The impact includes unauthorized server takeover via the compromised management interface.