CoderOasis
  • Home
  • About
  • Topics
  • Programming
  • WebDev
  • Cybersecurity
  • Software
  • SysAdmin
Sign in Subscribe

Server Security

A collection of 1 post
CVE-2026-33032: The nginx-ui MCP Vulnerability That Hands Attackers Full Server Control
Cybersecurity

CVE-2026-33032: The nginx-ui MCP Vulnerability That Hands Attackers Full Server Control

CVE-2026-33032, dubbed MCPwn, is a CVSS 9.8 authentication bypass in nginx-ui's MCP integration that lets any attacker on the internet restart your Nginx server, rewrite your configs, and intercept all traffic -- in two HTTP requests, no credentials required. Roughly 2,700 instances are exposed.
17 Apr 2026 5 min read
Page 1 of 1
CoderOasis © 2026
  • Topics
  • Meet the Team
  • Best Articles
  • Archives
Powered by Ghost