腾讯网

Nginx-UI 备份恢复漏洞 PoC 公开:攻击者可篡改加密备份并注入恶意配置

Nginx-UI 备份恢复机制中被披露存在一个高危安全漏洞(CVE-2026-33026)。该漏洞允许威胁攻击者在恢复过程中篡改加密备份文件并注入恶意配置。随着公开的 PoC 利用代码发布,未打补丁的系统面临被完全攻陷的即时风险。 加密缺陷利用原理与 PoC 该漏洞的根本原因 ...
CSOonline

Critical nginx UI tool vulnerability opens web servers to full compromise

Security vendor Pluto Security has published details of a critical vulnerability in the open-source nginx UI web server configuration tool that has been under active exploitation by cybercriminals ...
Dark Reading

Critical MCP Integration Flaw Puts NGINX at Risk

Attackers are actively exploiting a critical flaw in the widely used nginx-ui interface for managing NGINX web servers. The flaw, tracked as CVE-2026-33032, (CVSS: 9.8) stems from nginx-ui's insecure ...
Bleeping Computer

Critical Nginx UI auth bypass flaw now actively exploited in the wild

A critical vulnerability in Nginx UI with Model Context Protocol (MCP) support is now being exploited in the wild for full server takeover without authentication. The flaw, tracked as CVE-2026-33032, ...
heise online

Critical security vulnerability in Nginx UI closed again

Admins who use the Nginx UI web interface for their nginx-based web servers should update the software promptly. If they don't, attackers can exploit multiple security vulnerabilities and, in the ...