Cybersecurity News Detail - SecLens Intelligence Radar

Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover

Source: the_hacker_news · Published 2026-04-15 20:56 (UTC+08:00) · Fetched 2026-04-16 19:01 (UTC+08:00)

Summary

A recently disclosed critical security flaw impacting nginx-ui, an open-source, web-based Nginx management tool, has come under active exploitation in the wild. The vulnerability in question is CVE-2026-33032 (CVSS score: 9.8), an authentication bypass vulnerability that enables threat actors to seize control of the Nginx service. It has been codenamed MCPwn by Pluto Security.

Extended fields

{
  "categories": [],
  "guid": "https://thehackernews.com/2026/04/critical-nginx-ui-vulnerability-cve.html"
}