Critical Nginx UI auth bypass flaw now actively exploited in the wild
2026-4-15 22:46:26 Author: www.bleepingcomputer.com

A critical vulnerability in Nginx UI with Model Context Protocol (MCP) support is now being exploited in the wild for full server takeover without authentication.

The flaw, tracked as CVE-2026-33032, is caused by nginx-ui leaving the ‘/mcp_message’ endpoint unprotected, allowing remote attackers to invoke privileged MCP actions without credentials.

Because those actions involve writing and reloading nginx configuration files, a single unauthenticated request can modify server behavior and effectively take over the web server.

“[...] any network attacker can invoke all MCP tools without authentication, including restarting nginx, creating/modifying/deleting nginx configuration files, and triggering automatic config reloads – achieving complete nginx service takeover,” reads NIST's description of the flaw in the National Vulnerability Database (NVD).

NGINX released a fix for the flaw in version 2.3.4 on March 15, a day after researchers at the AI workflow security company Pluto Security AI reported it. However, the vulnerability identifier, along with technical details and a proof-of-concept (PoC) exploit, emerged at the end of the month.

In the CVE Landscape report earlier this week, threat intelligence company Recorded Future notes that CVE-2026-33032 is under active exploitation.

Nginx UI is a web-based management interface for the Nginx web server. The project is very popular, with more than 11,000 stars on GitHub and 430,000 Docker pulls.

Based on Pluto Security's internet scans using the Shodan engine, there are currently 2,600 publicly exposed instances potentially vulnerable to attacks. Most are in China, the United States, Indonesia, Germany, and Hong Kong.

In a report today, Pluto Security's Yotam Perkal says that exploitation only requires network access and is achieved by establishing an SSE connection, opening an MCP session, and then using the returned ‘sessionID’ to send requests to the ‘/mcp_message’ endpoint.

[Figure: Overview of the attack flow. Source: Pluto Security]

From there, attackers can invoke MCP tools without authentication and take the following actions:

  • Connect to the target nginx-ui instance
  • Send requests without any authentication headers
  • Gain access to all 12 MCP tools (7 destructive)
  • Read nginx configuration files and exfiltrate them
  • Inject a new nginx server block with malicious configuration
  • Trigger automatic nginx reload

Pluto Security's demo shows that an attacker can use the unauthenticated MCP message endpoint to execute privileged nginx management actions, perform config injection, and ultimately take control of the nginx server, all without authentication.
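The exploitation pattern described above (an SSE session followed by unauthenticated POSTs to the ‘/mcp_message’ endpoint) leaves a recognisable trace in the web server's access log. The following is an added example of triage logic, not code from the article or from the nginx-ui project: it parses combined-format nginx access-log lines (the sample lines are constructed) and groups MCP endpoint hits per client. The ‘/mcp_message’ path comes from the advisory; the ‘/mcp’ prefix for the SSE handshake is an assumption to adjust for your deployment.

```python
import re
from collections import defaultdict

# Constructed sample of nginx access-log lines (combined format); not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [15/Apr/2026:10:01:02 +0000] "GET /mcp HTTP/1.1" 200 512 "-" "curl/8.5.0"
203.0.113.7 - - [15/Apr/2026:10:01:03 +0000] "POST /mcp_message?sessionId=abc123 HTTP/1.1" 202 0 "-" "curl/8.5.0"
203.0.113.7 - - [15/Apr/2026:10:01:04 +0000] "POST /mcp_message?sessionId=abc123 HTTP/1.1" 202 0 "-" "curl/8.5.0"
10.0.0.5 - - [15/Apr/2026:10:02:10 +0000] "GET /api/sites HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.9 - - [15/Apr/2026:10:03:00 +0000] "POST /mcp_message?sessionId=zzz999 HTTP/1.1" 404 0 "-" "python-requests/2.31"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

MCP_MESSAGE = "/mcp_message"  # endpoint named in the advisory
MCP_SSE_PREFIX = "/mcp"       # assumption: SSE handshake path; adjust to your deployment


def parse_line(line):
    """Return the fields of one combined-format access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def find_mcp_activity(log_text):
    """Count, per client IP, SSE handshakes and /mcp_message posts (and how many were accepted).
    A client that opened a session and then had 2xx-accepted messages is the pattern to triage."""
    per_ip = defaultdict(lambda: {"sse": 0, "messages": 0, "accepted": 0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        path = rec["path"].split("?", 1)[0]  # drop the sessionId query string
        if path == MCP_MESSAGE:
            per_ip[rec["ip"]]["messages"] += 1
            if 200 <= rec["status"] < 300:
                per_ip[rec["ip"]]["accepted"] += 1
        elif path.startswith(MCP_SSE_PREFIX):
            per_ip[rec["ip"]]["sse"] += 1
    return dict(per_ip)


def suspicious_clients(log_text):
    """Clients whose /mcp_message posts were accepted; on an unpatched instance these need review."""
    return sorted(ip for ip, c in find_mcp_activity(log_text).items() if c["accepted"] > 0)


if __name__ == "__main__":
    for ip in suspicious_clients(SAMPLE_LOG):
        print("triage:", ip, find_mcp_activity(SAMPLE_LOG)[ip])
```

Any hit on these endpoints from an untrusted network is worth reviewing on a pre-2.3.4 instance, since the endpoint required no credentials at all; on a patched instance, accepted posts should only come from authenticated sessions.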

Given the active exploitation status and the availability of public PoCs, system administrators are recommended to apply the available security updates as soon as possible. The latest secure version of nginx-ui is 2.3.6, released last week.



Source: https://www.bleepingcomputer.com/news/security/critical-nginx-ui-auth-bypass-flaw-now-actively-exploited-in-the-wild/