Mcp

vulnerabilities 2026-04-05
CVE-2026-33032: Nginx UI MCP Endpoint Lets Anyone Hijack Your Web Server — No Auth Required
Critical 9.8 CVSS flaw in Nginx UI exposes unauthenticated MCP endpoint. Public PoC available, no patch yet. Disable or firewall Nginx UI immediately.
nginx nginx-ui mcp authentication-bypass zero-day cve

CVE-2026-33032: Nginx UI MCP Endpoint Lets Anyone Hijack Your Web Server — No Auth Required