{"uuid": "77840a59-9600-457f-96d6-bb511d615c73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33032", "type": "exploited", "source": "https://t.me/thehackernews/8807", "content": "\ud83d\udea8 A critical nginx-ui flaw is now exploited in the wild.\n\nCVE-2026-33032 (9.8) allows auth bypass via the /mcp_message endpoint, letting attackers take full control of Nginx with two HTTP requests due to an \u201callow-all\u201d default.\n\n\ud83d\udd17 Details here \u2192 https://thehackernews.com/2026/04/critical-nginx-ui-vulnerability-cve.html", "creation_timestamp": "2026-04-15T13:02:35.000000Z"}