Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover

CVE-2026-33032 is a critical authentication bypass in nginx-ui that allows unauthenticated attackers to modify Nginx configurations and take over the service completely. An estimated 2,689 vulnerable instances remain exposed globally and active exploitation is confirmed in the wild. Any unpatched nginx-ui deployment is a direct path to full web server compromise.

CRITICALAdvisoryApr 16, 2026

Action required

Immediately identify all nginx-ui instances in your environment and upgrade to version 2.3.4 or later. For any system that cannot be patched within 24 hours, isolate it from production traffic and monitor all HTTP requests to the nginx-ui interface.

Affected products

nginx-uiNginxAtlassianPluto Security

CVE IDs

CVE-2026-33032

Linked articles

Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover

Source links

https://thehackernews.com/2026/04/critical-nginx-ui-vulnerability-cve.html