{"id":"CVE-2026-33032","summary":"Nginx UI: Unauthenticated MCP Endpoint Allows Remote Nginx Takeover","details":"Nginx UI is a web user interface for the Nginx web server. In versions 2.3.5 and prior, the nginx-ui MCP (Model Context Protocol) integration exposes two HTTP endpoints: /mcp and /mcp_message. While /mcp requires both IP whitelisting and authentication (AuthRequired() middleware), the /mcp_message endpoint only applies IP whitelisting - and the default IP whitelist is empty, which the middleware treats as \"allow all\". This means any network attacker can invoke all MCP tools without authentication, including restarting nginx, creating/modifying/deleting nginx configuration files, and triggering automatic config reloads - achieving complete nginx service takeover. At time of publication, there are no publicly available patches.","aliases":["GHSA-h6c2-x2m2-mwhf","GO-2026-4904"],"modified":"2026-04-10T05:42:34.370992Z","published":"2026-03-30T17:58:42.159Z","related":["SUSE-SU-2026:1205-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/33xxx/CVE-2026-33032.json","cwe_ids":["CWE-306"],"cna_assigner":"GitHub_M"},"references":[{"type":"ADVISORY","url":"https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-h6c2-x2m2-mwhf"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/33xxx/CVE-2026-33032.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33032"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/0xjacky/nginx-ui","events":[{"introduced":"0"},{"last_affected":"1a9cd29a308278173aa0f16234cb78061dd2bd42"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.3.5"}]}}],"versions":["v1.1.0","v1.2.0","v1.2.0-alpha.3","v1.2.0-alpha.4","v1.2.0-rc.1","v1.2.0-rc.2","v1.2.0-rc.3","v1.2.1","v1.2.2","v1.3.0","v1.3.0-rc1","v1.3.1","v1.3.1-fix","v1.3.2","v1.3.3-rc1","v1.4.0","v1.4.0-rc1","v1.4.1","v1.4.2","v1.5.0","v1.5.0-beta1","v1.5.0-beta2","v1.5.0-beta3","v1.5.0-beta4","v1.5.0-beta4-fix","v1.5.0-beta5","v1.5.0-beta6","v1.5.0-beta7","v1.5.0-beta8","v1.5.0-beta9","v1.5.1","v1.5.2","v1.6.0","v1.6.0-fix","v1.6.1","v1.6.2","v1.6.3","v1.6.5","v1.6.6","v1.6.7","v1.6.8","v1.7.0","v1.7.0-patch","v1.7.1","v1.7.2","v1.7.3","v1.7.4","v1.7.5","v1.7.6","v1.7.7","v1.7.8","v1.7.9","v1.8.0","v1.8.1","v1.8.2","v1.8.3","v1.8.4","v1.8.4-patch","v1.9.9","v1.9.9-1","v1.9.9-2","v1.9.9-3","v1.9.9-4","v2.0.0","v2.0.0-beta.1","v2.0.0-beta.10","v2.0.0-beta.10-patch","v2.0.0-beta.11","v2.0.0-beta.12","v2.0.0-beta.13","v2.0.0-beta.13-patch","v2.0.0-beta.14","v2.0.0-beta.15","v2.0.0-beta.16","v2.0.0-beta.17","v2.0.0-beta.18","v2.0.0-beta.18-patch.1","v2.0.0-beta.18-patch.2","v2.0.0-beta.19","v2.0.0-beta.2","v2.0.0-beta.20","v2.0.0-beta.21","v2.0.0-beta.22","v2.0.0-beta.23","v2.0.0-beta.23-patch.1","v2.0.0-beta.23-patch.2","v2.0.0-beta.24","v2.0.0-beta.25","v2.0.0-beta.25-patch.1","v2.0.0-beta.25-patch.2","v2.0.0-beta.26","v2.0.0-beta.27","v2.0.0-beta.28","v2.0.0-beta.29","v2.0.0-beta.3","v2.0.0-beta.30","v2.0.0-beta.31","v2.0.0-beta.32","v2.0.0-beta.32-patch.1","v2.0.0-beta.33","v2.0.0-beta.34","v2.0.0-beta.35","v2.0.0-beta.36","v2.0.0-beta.37","v2.0.0-beta.37-patch.1","v2.0.0-beta.37-patch.2","v2.0.0-beta.37-patch.3","v2.0.0-beta.37-patch.4","v2.0.0-beta.37-patch.5","v2.0.0-beta.38","v2.0.0-beta.39","v2.0.0-beta.4","v2.0.0-beta.4-patch","v2.0.0-beta.40","v2.0.0-beta.41","v2.0.0-beta.42","v2.0.0-beta.5","v2.0.0-beta.5-patch","v2.0.0-beta.6","v2.0.0-beta.6-patch","v2.0.0-beta.6-patch.2","v2.0.0-beta.7","v2.0.0-beta.8","v2.0.0-beta.8-patch","v2.0.0-beta.9","v2.0.0-rc.1","v2.0.0-rc.1-patch.1","v2.0.0-rc.1-patch.2","v2.0.0-rc.2","v2.0.0-rc.3","v2.0.0-rc.3-patch.1","v2.0.0-rc.4","v2.0.0-rc.4-patch.1","v2.0.0-rc.4-patch.2","v2.0.0-rc.4-patch.3","v2.0.0-rc.5","v2.0.0-rc.6","v2.0.0-rc.6-patch.1","v2.0.0-rc.6-patch.2","v2.0.0-rc.6-patch.3","v2.0.0-rc.6-patch.4","v2.0.0-rc.6-patch.5","v2.0.0-rc.7","v2.0.0-rc.7-patch.2","v2.0.0-rc.7-patch.3","v2.0.0-rc.7-patch.4","v2.0.0-rc.7-patch.5","v2.0.0-rc.7-patch.6","v2.0.0-rc.7-patch.7","v2.0.0-rc.7-patch.8","v2.0.0-rc.8","v2.0.0-rc.8-patch.1","v2.0.1","v2.0.2","v2.1.0","v2.1.0-beta.1","v2.1.0-patch.1","v2.1.0-rc.1","v2.1.0-rc.2","v2.1.0-rc.3","v2.1.1","v2.1.10","v2.1.11","v2.1.12","v2.1.13","v2.1.14","v2.1.15","v2.1.16","v2.1.17","v2.1.2","v2.1.3","v2.1.4","v2.1.4-patch.1","v2.1.5","v2.1.6","v2.1.7","v2.1.8","v2.1.9","v2.2.0","v2.2.0-patch.1","v2.2.1","v2.3.0","v2.3.1","v2.3.2","v2.3.3","v2.3.4","v2.3.5"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-33032.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}