> TritonInfoSec News
Home / Apr 16, 2026 / Story
0
#1 BleepingComputer general April 15, 2026 at 22:35 UTC

Critical Nginx UI auth bypass flaw now actively exploited in the wild

By Bill Toulas

AI Summary

A critical vulnerability (CVE-2026-33032) in Nginx UI with Model Context Protocol support is being actively exploited for authentication bypass, enabling full server takeover without credentials. The near-maximum severity flaw allows attackers to restart, create, modify, and delete NGINX configuration files with SYSTEM privileges.

Read full article → https://www.bleepingcomputer.com/news/security/cri…

Relevance score: 95.0/100

# More from April 16

  1. 2
    New AgingFly malware used in attacks on Ukraine govt, hospitals BleepingComputer
  2. 3
    WordPress plugin suite hacked to push malware to thousands of sites BleepingComputer
  3. 4
    Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities The Hacker News
  4. 5
    Signed software abused to deploy antivirus-killing scripts BleepingComputer
  5. 6
    CISA flags Windows Task Host vulnerability as exploited in attacks BleepingComputer
  6. 7
    100 Chrome Extensions Steal User Data, Create Backdoor SecurityWeek
  7. 8
    n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails The Hacker News
  8. 9
    UK warns businesses to address cyber risks amid Anthropic AI panic The Record
  9. 10
    Educational company McGraw Hill says Salesforce misconfiguration led to data leak The Record