Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover

7 hours ago [email protected] (The Hacker News)
Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover


A recently disclosed critical security flaw impacting nginx-ui, an open-source, web-based Nginx management tool, has come under active exploitation in the wild.
The vulnerability in question is CVE-2026-33032 (CVSS score: 9.8), an authentication bypass vulnerability that enables threat actors to seize control of the Nginx service. It has been codenamed MCPwn by Pluto Security.

The post “Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover” appeared first on The Hacker News

Source:The Hacker News – [email protected] (The Hacker News)

Tags: , , ,

More Stories

April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More

8 hours ago [email protected] (The Hacker News)

Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities

12 hours ago [email protected] (The Hacker News)

New PHP Composer Flaws Enable Arbitrary Command Execution — Patches Released

1 day ago [email protected] (The Hacker News)

AI-Driven Pushpaganda Scam Exploits Google Discover to Spread Scareware and Ad Fraud

1 day ago [email protected] (The Hacker News)

Google Adds Rust-Based DNS Parser into Pixel 10 Modem to Enhance Security

1 day ago [email protected] (The Hacker News)

Mirax Android RAT Turns Devices into SOCKS5 Proxies, Reaching 220,000 via Meta Ads

1 day ago [email protected] (The Hacker News)