Recently, a critical security flaw in nginx-ui, a popular web-based nginx management tool with over 11K GitHub stars and 430,000+ Docker pulls, has been exploited in the wild. The vulnerability, CVE-2026-33032, carries a CVSS (Common Vulnerability Scoring System) score of 9.8 and enables attackers to take full control of the Nginx servers it manages.
nginx-ui uses the SSE (Server-Sent Events) transport from the mcp-go library. Two endpoints play an important role here:
GET /mcp — Opens a persistent Server-Sent Events (SSE) stream. The client uses it to receive JSON-RPC responses and to obtain a session.
POST /mcp_message — Sends commands (tool calls) to the MCP server, e.g., to create or modify configuration files, reload NGINX, or restart services.
When a client sends a GET request to the /mcp endpoint to open the stream, the server responds with a session ID, as shown below:

data: /mcp_message?sessionId=9a7f3d21-6c5e-4b8a-9d72-3f1e8c4b2a11

After this, tools are called with POST requests to the /mcp_message endpoint carrying the valid sessionId, and the responses are sent back to the client through the SSE stream. Here, nginx-ui authenticates MCP connections using a…
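To make the handshake above concrete from the defender's side, here is an added example (not code from the article, nginx-ui or mcp-go). The first part parses the SSE stream the server sends on GET /mcp and extracts the sessionId from the advertised endpoint; the second part scans nginx access-log lines in front of nginx-ui and reports POSTs to /mcp_message from a client that never opened the /mcp stream, which is a cheap triage signal for MCP traffic that does not follow the expected sequence. The SSE event name "endpoint", the combined log format and all log lines are assumptions constructed for this example; the session ID is the one quoted in the text.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed SSE payload mirroring the GET /mcp response described above.
# The "endpoint" event name is an assumption about the mcp-go SSE transport.
SSE_STREAM = (
    "event: endpoint\n"
    "data: /mcp_message?sessionId=9a7f3d21-6c5e-4b8a-9d72-3f1e8c4b2a11\n\n"
)

# Constructed access-log lines in nginx "combined" format (all IPs are documentation ranges).
ACCESS_LOG = [
    '203.0.113.7 - - [10/Mar/2026:12:00:01 +0000] "GET /mcp HTTP/1.1" 200 0 "-" "curl/8.5.0"',
    '203.0.113.7 - - [10/Mar/2026:12:00:02 +0000] "POST /mcp_message?sessionId=9a7f3d21-6c5e-4b8a-9d72-3f1e8c4b2a11 HTTP/1.1" 202 0 "-" "curl/8.5.0"',
    '198.51.100.9 - - [10/Mar/2026:12:00:05 +0000] "POST /mcp_message?sessionId=0000aaaa-1111-2222-3333-444455556666 HTTP/1.1" 202 0 "-" "python-requests/2.31"',
    '192.0.2.4 - - [10/Mar/2026:12:00:06 +0000] "GET /api/nginx/status HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)


def parse_sse_events(raw):
    """Split a raw SSE stream into (event, data) pairs following SSE framing:
    events are separated by a blank line; 'event:' names the event and one or
    more 'data:' lines form its payload."""
    events = []
    for block in raw.split("\n\n"):
        if not block.strip():
            continue
        name, data_lines = None, []
        for line in block.split("\n"):
            if line.startswith("event:"):
                name = line[len("event:"):].strip()
            elif line.startswith("data:"):
                data_lines.append(line[len("data:"):].lstrip(" "))
        events.append((name or "message", "\n".join(data_lines)))
    return events


def session_id_from_endpoint(endpoint):
    """Pull the sessionId out of the /mcp_message?sessionId=... path the server advertises."""
    return parse_qs(urlsplit(endpoint).query).get("sessionId", [None])[0]


def audit_mcp_traffic(lines):
    """Walk access-log lines in order and return every MCP request seen plus
    'orphan' POSTs: /mcp_message calls from a client IP that never opened
    GET /mcp earlier in the log. The expected client behaviour is GET /mcp
    first, then POSTs with the issued sessionId."""
    streams_opened = set()
    mcp_requests, orphan_posts = [], []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, method = m["ip"], m["method"]
        url = urlsplit(m["path"])
        if url.path == "/mcp" and method == "GET":
            streams_opened.add(ip)
            mcp_requests.append((ip, method, url.path, None))
        elif url.path == "/mcp_message" and method == "POST":
            sid = parse_qs(url.query).get("sessionId", [None])[0]
            mcp_requests.append((ip, method, url.path, sid))
            if ip not in streams_opened:
                orphan_posts.append((ip, sid))
    return {"mcp_requests": mcp_requests, "orphan_posts": orphan_posts}


if __name__ == "__main__":
    event, data = parse_sse_events(SSE_STREAM)[0]
    print("SSE event:", event, "-> sessionId", session_id_from_endpoint(data))
    for ip, sid in audit_mcp_traffic(ACCESS_LOG)["orphan_posts"]:
        print(f"orphan /mcp_message POST from {ip} with sessionId {sid}")
```

The IP correlation is a heuristic: if nginx-ui sits behind a reverse proxy, the logged address is the proxy's unless the real client address is forwarded, and the sessionId issued on GET /mcp is only visible in the response body, not in the access log, so the check keys on the client address rather than on the ID itself.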