CVE-2026-33032: severe nginx-ui bug grants unauthenticated server access
2026-4-15 18:17:50 Author: securityaffairs.com (view original)


An actively exploited critical nginx-ui flaw (CVE-2026-33032) lets attackers bypass authentication and take full control of Nginx servers.

A critical vulnerability in nginx-ui, tracked as CVE-2026-33032 (CVSS score of 9.8), is being actively exploited, allowing attackers to bypass authentication and fully take over Nginx servers. The issue stems from improper protection of the /mcp_message endpoint, which relies only on IP whitelisting. Since the default whitelist allows all, attackers can access the service without authentication and gain control.

“The nginx-ui MCP (Model Context Protocol) integration exposes two HTTP endpoints: /mcp and /mcp_message. While /mcp requires both IP whitelisting and authentication (AuthRequired() middleware), the /mcp_message endpoint only applies IP whitelisting – and the default IP whitelist is empty, which the middleware treats as “allow all”.” reads the advisory. “This means any network attacker can invoke all MCP tools without authentication, including restarting nginx, creating/modifying/deleting nginx configuration files, and triggering automatic config reloads – achieving complete nginx service takeover.”

Yotam Perkal of Pluto Security discovered the nginx-ui flaw. The researcher pointed out that it can be exploited in seconds using just two HTTP requests.

“The attack flow: step 1 authenticates to get a session, step 2 uses that session to invoke destructive tools with zero authentication.” wrote Perkal. “An attacker on the same network as the nginx-ui instance needs just two requests:

  • POST /mcp_message?sessionId=xxx – Invoke any tool. No node_secret. No JWT. No cookies. Nothing.
  • GET /mcp?node_secret=xxx – Establish an SSE session, get a sessionId”

A single unauthenticated request can let attackers fully compromise nginx-ui. They can intercept all traffic by redirecting it through malicious servers, capture admin credentials via manipulated logs, and gain persistent access by stealing tokens and secrets. Attackers can also map the entire infrastructure by reading configs and even shut down services by pushing invalid configurations.

The flaw was fixed in nginx-ui version 2.3.4 by adding a missing authentication check to the /mcp_message endpoint, just one line of code. The update also introduced a regression test to ensure both endpoints require authentication, which would have prevented the issue. Notably, some version trackers are incorrect: v2.3.3 is the last vulnerable release, while v2.3.4 includes the fix.
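The routing inconsistency described above, and the kind of one-line fix and regression check that closes it, as an added illustration in Go with only the standard library. This is not nginx-ui's code or the advisory's: the middleware names, the `node_secret` query check, the whitelist representation and the `placeholder` secret are all assumptions made for the example.

```go
package main
import (
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
)
// Hypothetical middleware, not nginx-ui's. An empty whitelist means "allow all".
func ipWhitelist(allowed map[string]bool, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		host, _, _ := net.SplitHostPort(r.RemoteAddr)
		if len(allowed) > 0 && !allowed[host] { // len 0 skips the check entirely
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}
// authRequired stands in for AuthRequired(): node_secret must equal the
// configured secret, and an empty secret never matches.
func authRequired(secret string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if secret == "" || r.URL.Query().Get("node_secret") != secret {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}
// NewMux wires both routes. fixed=false mirrors the pre-2.3.4 layout, where
// only /mcp carried authRequired; fixed=true gives /mcp_message the same guard.
func NewMux(fixed bool, whitelist map[string]bool, secret string) *http.ServeMux {
	tools := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { fmt.Fprint(w, "tool invoked") })
	msg := http.Handler(tools)
	if fixed {
		msg = authRequired(secret, tools) // the one missing check
	}
	mux := http.NewServeMux()
	mux.Handle("/mcp", ipWhitelist(whitelist, authRequired(secret, tools)))
	mux.Handle("/mcp_message", ipWhitelist(whitelist, msg))
	return mux
}
// Status is the code an unauthenticated POST to path receives; a regression
// test should require 401 on both routes, which the unfixed layout fails.
func Status(mux *http.ServeMux, path string) int {
	rec := httptest.NewRecorder()
	mux.ServeHTTP(rec, httptest.NewRequest(http.MethodPost, path, nil))
	return rec.Code
}
func main() { fmt.Println(Status(NewMux(false, nil, "placeholder"), "/mcp_message")) }
```

With the default (empty) whitelist the unfixed layout answers 200 on `/mcp_message` and 401 on `/mcp`; the fixed layout answers 401 on both.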


Pierluigi Paganini

(SecurityAffairs – hacking, nginx)




Article source: https://securityaffairs.com/190841/hacking/cve-2026-33032-severe-nginx-ui-bug-grants-unauthenticated-server-access.html