A recently disclosed critical security flaw impacting
nginx-ui, an open-source, web-based Nginx management tool, has come
under active exploitation in the wild. The vulnerability in
question is CVE-2026-33032 (CVSS score: 9.8), an authentication
bypass vulnerability that enables threat actors to seize control of
the Nginx service. It has been codenamed MCPwn by
Pluto Security. "
Read more https://thehackernews.com/2026/04/critical-nginx-ui-vulnerability-cve.html
