A severe security flaw (CVE-2026-33032) in nginx-ui, an open-source Nginx management tool, has been actively exploited, allowing attackers to bypass authentication and potentially take control of the service. This vulnerability has a high CVSS score of 9.8 and is referred to as MCPwn by Pluto Security.
The key takeaway for security professionals is that CVE-2026-33032 in nginx-ui needs immediate attention because it is being actively exploited. Prioritize patching or applying workarounds for this authentication bypass flaw to protect against unauthorized control of Nginx services. Staying ahead of high-severity vulnerabilities such as this one (CVSS score: 9.8) is crucial for maintaining a robust security posture.