CVE-2026-33032

Overview

0xJacky
nginx-ui

30 Mar 2026

Published

16 Apr 2026

Updated

CVSS v3.1

CRITICAL (9.8)

EPSS

0.06%

MITRE

KEV

Description

Nginx UI is a web user interface for the Nginx web server. In versions 2.3.5 and prior, the nginx-ui MCP (Model Context Protocol) integration exposes two HTTP endpoints: /mcp and /mcp_message. While /mcp requires both IP whitelisting and authentication (AuthRequired() middleware), the /mcp_message endpoint only applies IP whitelisting - and the default IP whitelist is empty, which the middleware treats as "allow all". This means any network attacker can invoke all MCP tools without authentication, including restarting nginx, creating/modifying/deleting nginx configuration files, and triggering automatic config reloads - achieving complete nginx service takeover. At time of publication, there are no publicly available patches.

Statistics

13 Posts
7 Interactions

Last activity: 1 hour ago

Fediverse

ThreatNoir @threatnoir

⚠️ CRITICAL: Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover

CVE-2026-33032 is a critical authentication bypass in nginx-ui that allows unauthenticated attackers to modify Nginx configurations and take over the service completely. An estimated 2,689 vulnerable instances remain exposed globally and active exploitation is confirmed in the wild. Any unpatched n…

https://threatnoir.com/focus

#infosec #cybersecurity

1
1
0
16h ago

GuardingPearSoftware @guardingpearsoftware

A critical vulnerability in Nginx UI is being actively exploited, allowing attackers to gain complete control over affected servers.
Nginx UI (nginx-ui) is an open source, web-based management tool for the Nginx web server.
The flaw, tracked as CVE-2026-33032, was recently fixed in version 2.3.4.

0
0
0
23h ago

CyberNetsecIO @netsecio

📰 Critical Auth Bypass in nginx-ui (CVE-2026-33032) Actively Exploited for Full Nginx Takeover

🚨 CRITICAL FLAW: nginx-ui is being actively exploited via an auth bypass (CVE-2026-33032, CVSS 9.8). Unauthenticated attackers can gain full RCE. Patch to version 2.3.4+ immediately! #nginx #CyberSecurity #Vulnerability

🔗 https://cyber.netsecops.io/articles/critical-nginx-ui-auth-bypass-cve-2026-33032-under-active-exploit/?utm_source=mastodon&utm_medium=social&utm_campaign=twitter_auto

0
0
0
11h ago

Bluesky

All About Security @allaboutsecurity.bsky.social

CVE-2026-33032: Authentifizierungslücke in nginx-ui wird aktiv ausgenutzt - Eine fehlende Middleware-Zeile im webbasierten Nginx-Verwaltungstool nginx-ui genügt, damit Angreifer im Netzwerk sämtliche Konfigurationsdateien manipulieren und den Webserver... www.all-about-security.de/cve-2026-330...

1
0
0
21h ago

Giorgio di Grazia @rcinghio.bsky.social

Actively Exploited nginx-ui Flaw Enables Full Nginx Server Takeover. This authentication bypass vulnerability (CVE-2026-33032) enables threat actors to seize control of the service. It has been codenamed MCPwn by Pluto Security. #nginx #vulnerability thehackernews.com/2026/04/crit...

1
0
0
19h ago

Rapid7 @rapid7.com

🚨 On 3/30/26, a security advisory was published for CVE-2026-33032 – a critical vulnerability affecting #NginxUI. This is a missing authentication bug with a CVSS score of 9.8, and exploitation in the wild has begun. More from Rapid7: r-7.co/4mzAr7G

0
2
0
12h ago

Tech-News @technology-news.bsky.social

CVE-2026-33032 exposes nginx-ui to unauthenticated takeover via MCP endpoint, impacting 2,600+ instances with active exploitation.

0
1
0
1h ago

Ahmet BÜTÜN @ahmetbutun.bsky.social

Critical Nginx UI Auth Bypass Flaw Actively Exploited A critical vulnerability in the Nginx UI, known as CVE-2026-33032, is being exploited by attackers,.... @thecosmicmeta.com #Nginx https://u2m.io/h88aY2wo

0
0
0
17h ago

piggo @pigondrugs.bsky.social

~Cybergcca~ Critical flaws in Drupal core (XSS) and Nginx UI (CVE-2026-33032, exploited in wild). - IOCs: CVE-2026-33032, SA-CORE-2026-001 - #Drupal #Nginx #ThreatIntel

0
0
0
15h ago

CyberVeille @cyberveille-ch.bsky.social

📢 CVE-2026-33032 : Authentification manquante dans Nginx UI exploitée in the wild 📝 ## 🔍 Contexte Rapid7 a publié le 16 avril 2026 une alerte de sécur… https://cyberveille.ch/posts/2026-04-16-cve-2026-33032-authentification-manquante-dans-nginx-ui-exploitee-in-the-wild/ #CVE_2026_33032 #Cyberveille

0
0
0
5h ago

ohhara @shiojiri.com

Update now: Active exploitation of Nginx UI vulnerability CVE-2026-33032 underway - Cyber Daily https://www.cyberdaily.au/security/13477-update-now-active-exploitation-of-nginx-ui-vulnerability-cve-2026-33032-underway

0
0
0
3h ago

ohhara @shiojiri.com

CVE-2026-33032: severe nginx-ui bug grants unauthenticated server access https://securityaffairs.com/190841/hacking/cve-2026-33032-severe-nginx-ui-bug-grants-unauthenticated-server-access.html

0
0
0
2h ago

Eyal Estrin ☁️ @eyalestrin.bsky.social

Critical Unauthenticated RCE and Server Takeover (CVE-2026-33032, CVE-2026-27825) #appsec

0
0
0
1h ago

CVE-2026-34197

Overview

Apache Software Foundation
Apache ActiveMQ Broker
org.apache.activemq:activemq-broker

07 Apr 2026

Published

17 Apr 2026

Updated

CVSS

Pending

EPSS

6.22%

MITRE

KEV

Description

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations on all ActiveMQ MBeans (org.apache.activemq:*), including BrokerService.addNetworkConnector(String) and BrokerService.addConnector(String). An authenticated attacker can invoke these operations with a crafted discovery URI that triggers the VM transport's brokerConfig parameter to load a remote Spring XML application context using ResourceXmlApplicationContext. Because Spring's ResourceXmlApplicationContext instantiates all singleton beans before the BrokerService validates the configuration, arbitrary code execution occurs on the broker's JVM through bean factory methods such as Runtime.exec(). This issue affects Apache ActiveMQ Broker: before 5.19.4, from 6.0.0 before 6.2.3; Apache ActiveMQ All: before 5.19.4, from 6.0.0 before 6.2.3; Apache ActiveMQ: before 5.19.4, from 6.0.0 before 6.2.3. Users are recommended to upgrade to version 5.19.4 or 6.2.3, which fixes the issue

Statistics

8 Posts

Last activity: 2 hours ago

Fediverse

HackerWorkspace @hackerworkspace

Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation

https://thehackernews.com/2026/04/apache-activemq-cve-2026-34197-added-to.html

Read on HackerWorkspace: https://hackerworkspace.com/article/apache-activemq-cve-2026-34197-added-to-cisa-kev-amid-active-exploitation

#cybersecurity #vulnerability #exploit

0
0
1
2h ago

Bluesky

CyberVeille @cyberveille-ch.bsky.social

📢 CVE-2026-34197 : RCE critique dans Apache ActiveMQ Classic via l'API Jolokia 📝 ## 🔍 Contexte Publié le 7 avril 2026 par Horizon3.ai, cet article prése… https://cyberveille.ch/posts/2026-04-16-cve-2026-34197-rce-critique-dans-apache-activemq-classic-via-l-api-jolokia/ #Apache_ActiveMQ #Cyberveille

0
0
0
5h ago

キタきつね @kitafox.bsky.social

CISAが既知の悪用された脆弱性を1件カタログに追加 CISA Adds One Known Exploited Vulnerability to Catalog #CISA (Apr 16) CVE-2026-34197 Apache ActiveMQ 入力検証の不備 www.cisa.gov/news-events/...

0
0
0
5h ago

piggo @pigondrugs.bsky.social

~Cisa~ CISA added actively exploited CVE-2026-34197 (Apache ActiveMQ) to its KEV catalog. - IOCs: CVE-2026-34197 - #Apache #CVE202634197 #ThreatIntel

0
0
0
3h ago

ohhara @shiojiri.com

CVE-2026-34197 Apache ActiveMQ Improper Input Validation Vulnerability

0
0
0
3h ago

Information Security Briefly @infosecbriefly.bsky.social

A high-severity security flaw in Apache ActiveMQ Classic, CVE-2026-34197, is actively exploited, requiring urgent fixes by April 30, 2026.

0
0
0
3h ago

ReconBee @reconbee.bsky.social

Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation reconbee.com/apache-activ... #ActiveMQ #Apache #CISA #KEV #cybersecurity #cyberattack

0
0
0
2h ago

CVE-2026-21643

Overview

Fortinet
FortiClientEMS

06 Feb 2026

Published

14 Apr 2026

Updated

CVSS v3.1

CRITICAL (9.1)

EPSS

33.91%

MITRE

KEV

Description

An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

Statistics

3 Posts
4 Interactions

Last activity: Last hour

Fediverse

N_{Dario Fadda} @nuke

Critical Fortinet FortiClient EMS Vulnerability CVE-2026-21643 Actively Exploited — CISA Demands Patch Today
#CyberSecurity
https://securebulletin.com/critical-fortinet-forticlient-ems-vulnerability-cve-2026-21643-actively-exploited-cisa-demands-patch-today/

4
0
0
23h ago

Bluesky

OpsMatters @handle.invalid

The latest update for #Foresiet includes "CVE-2026-21643: Pre-Authentication SQL Injection in Endpoint Management Server Leading to Remote Code Execution" and "The AI Inversion: Tracking the Most Dangerous Cyber Attacks of 2026". #cybersecurity #infosec https://opsmtrs.com/3J3CMGz

0
0
0
6h ago

Undercode Testing @undercode.bsky.social

CVE-2026-21643 FortiGhost – Unauthenticated SQL Injection to Remote Code Execution on FortiClient EMS – Critical Patch Now! + Video Introduction: FortiClient Enterprise Management Server (EMS) is a centralized management solution for Fortinet's endpoint security products, widely deployed in…

0
0
0
Last hour

CVE-2026-33825

Overview

Microsoft
Microsoft Defender Antimalware Platform

14 Apr 2026

Published

16 Apr 2026

Updated

CVSS v3.1

HIGH (7.8)

EPSS

0.04%

MITRE

KEV

Description

Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.

Statistics

3 Posts

Last activity: 5 hours ago

Fediverse

Klaus Frank @agowa338

Fully exploitable Windows Defender vulnerability with full source code public for >8 days no CVE assigned so far (BlueHammer).

Writeup: https://hackingpassion.com/bluehammer-windows-defender-zero-day/

Full source code: https://github.com/Nightmare-Eclipse/BlueHammer

/cc @bsi Was ist eigentlich der "Prozess" für vollständig öffentliche Lücken zu denen es seit über einer Woche noch nicht einmal eine CVE Nummer gibt?

Edit: Patch and CVE number CVE-2026-33825 available by now. Took 6 days though.

#infosec #itsec #Microsoft #WindowsDefender #BlueHammer

0
0
0
20h ago

Bluesky

Helios Mier @hmier.bsky.social

clarificar sobre los nuevos CVEs El misto tipo libero 3 PoCs... BLUEHAMMER - LPE en windows defender. CVE-2026-33825 parche incluido en el rollup de abril. UNDEFED - DoS a windows defender. no info de CVE o parche. REDSUN - LEP en windows defender. Exploit liberado. no parche.

0
0
0
14h ago

CyberVeille @cyberveille-ch.bsky.social

📢 CVE-2026-33825 : Zero-day Windows Defender exploité par BlueHammer et RedSun pour élévation de privilèges 📝 ## 🗓️ Contexte Publ… https://cyberveille.ch/posts/2026-04-16-cve-2026-33825-zero-day-windows-defender-exploite-par-bluehammer-et-redsun-pour-elevation-de-privileges/ #BlueHammer #Cyberveille

0
0
0
5h ago

CVE-2026-20184

Overview

Cisco
Cisco Webex Meetings

15 Apr 2026

Published

16 Apr 2026

Updated

CVSS v3.1

CRITICAL (9.8)

EPSS

0.05%

MITRE

KEV

Description

A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to impersonate any user within the service. This vulnerability existed because of improper certificate validation. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by connecting to a service endpoint and supplying a crafted token. A successful exploit could have allowed the attacker to gain unauthorized access to legitimate Cisco Webex services.

Statistics

2 Posts
1 Interaction

Last activity: 16 hours ago

Fediverse

benzogaga33 :verified: @benzogaga33

Cisco Webex – CVE-2026-20184 : cette faille critique nécessite une action de l’admin https://www.it-connect.fr/cisco-webex-cve-2026-20184-cette-faille-critique-necessite-une-action-de-ladmin/ #ActuCybersécurité #Vulnérabilités #Cybersécurité #Cisco

0
1
0
16h ago

Bluesky

Undercode Testing @undercode.bsky.social

Cisco Webex Zero-Day Alert: Unauthenticated Remote Attackers Can Impersonate Any User – Patch Now! + Video Introduction A critical vulnerability (CVE-2026-20184) has been discovered in Cisco Webex cloud-based services, allowing an unauthenticated remote attacker to bypass authentication mechanisms…

0
0
0
21h ago

CVE-2023-33538

Overview

Pending

07 Jun 2023

Published

20 Dec 2025

Updated

CVSS

Pending

EPSS

91.47%

MITRE

KEV

Description

TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm .

Statistics

2 Posts

Last activity: 3 hours ago

Bluesky

Cyber Threat Feeds @montxt.bsky.social

A Deep Dive Into Attempted Exploitation of CVE-2023-33538 https://unit42.paloaltonetworks.com/exploitation-of-cve-2023-33538/

0
0
0
9h ago

piggo @pigondrugs.bsky.social

~Paloalto~ Active Mirai-like botnets are exploiting CVE-2023-33538 in EOL TP-Link routers via command injection. - IOCs: 51. 38. 137. 113, cnc. vietdediserver. shop, bot. ddosvps. cc - #CVE202333538 #IoT #Mirai #ThreatIntel

0
0
0
3h ago

CVE-2026-39813

Overview

Fortinet
FortiSandbox

14 Apr 2026

Published

15 Apr 2026

Updated

CVSS v3.1

CRITICAL (9.1)

EPSS

0.06%

MITRE

KEV

Description

A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8 may allow attacker to escalation of privilege via <insert attack vector here>

Statistics

3 Posts

Last activity: 5 hours ago

Fediverse

CyberNetsecIO @netsecio

📰 Fortinet Patches Critical Authentication Bypass and RCE Flaws in FortiSandbox

Fortinet patches two critical (CVSS 9.1) flaws in FortiSandbox. 🚨 CVE-2026-39813 (auth bypass) & CVE-2026-39808 (RCE) can be exploited by an unauthenticated attacker. Patch immediately! #Fortinet #Vulnerability #CyberSecurity

🔗 https://cyber.netsecops.io/articles/fortinet-patches-critical-vulnerabilities-in-fortisandbox/?utm_source=mastodon&utm_medium=social&utm_campaign=twitter_auto

0
0
0
11h ago

Bluesky

Help Net Security @helpnetsecurity.com

Fortinet fixes critical FortiSandbox vulnerabilities (CVE-2026-39813, CVE-2026-39808) 📖 Read more: www.helpnetsecurity.com/2026/04/16/f... #cybersecurity #cybersecuritynews #sandbox #securityupdate #vulnerability

0
0
0
18h ago

キタきつね @kitafox.bsky.social

FortinetがFortiSandboxの重大な脆弱性（CVE-2026-39813、CVE-2026-39808）を修正 Fortinet fixes critical FortiSandbox vulnerabilities (CVE-2026-39813, CVE-2026-39808) #HelpNetSecurity (Apr 16) www.helpnetsecurity.com/2026/04/16/f...

0
0
0
5h ago

CVE-2026-39808

Overview

Fortinet
FortiSandbox

14 Apr 2026

Published

15 Apr 2026

Updated

CVSS v3.1

CRITICAL (9.1)

EPSS

0.29%

MITRE

KEV

Description

A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow attacker to execute unauthorized code or commands via <insert attack vector here>

Statistics

3 Posts

Last activity: 5 hours ago

Fediverse

CyberNetsecIO @netsecio

📰 Fortinet Patches Critical Authentication Bypass and RCE Flaws in FortiSandbox

Fortinet patches two critical (CVSS 9.1) flaws in FortiSandbox. 🚨 CVE-2026-39813 (auth bypass) & CVE-2026-39808 (RCE) can be exploited by an unauthenticated attacker. Patch immediately! #Fortinet #Vulnerability #CyberSecurity

🔗 https://cyber.netsecops.io/articles/fortinet-patches-critical-vulnerabilities-in-fortisandbox/?utm_source=mastodon&utm_medium=social&utm_campaign=twitter_auto

0
0
0
11h ago

Bluesky

Help Net Security @helpnetsecurity.com

Fortinet fixes critical FortiSandbox vulnerabilities (CVE-2026-39813, CVE-2026-39808) 📖 Read more: www.helpnetsecurity.com/2026/04/16/f... #cybersecurity #cybersecuritynews #sandbox #securityupdate #vulnerability

0
0
0
18h ago

キタきつね @kitafox.bsky.social

FortinetがFortiSandboxの重大な脆弱性（CVE-2026-39813、CVE-2026-39808）を修正 Fortinet fixes critical FortiSandbox vulnerabilities (CVE-2026-39813, CVE-2026-39808) #HelpNetSecurity (Apr 16) www.helpnetsecurity.com/2026/04/16/f...

0
0
0
5h ago

CVE-2009-0238

Overview

Pending

25 Feb 2009

Published

15 Apr 2026

Updated

CVSS

Pending

EPSS

81.14%

MITRE

KEV

Description

Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remote attackers to execute arbitrary code via a crafted Excel document that triggers an access attempt on an invalid object, as exploited in the wild in February 2009 by Trojan.Mdropper.AC.

Statistics

1 Post
1 Interaction

Last activity: 12 hours ago

Fediverse

Christoph Schmees @PC_Fluesterer

Antiker Fehler in MS Excel wird angegriffen

Kaum zu glauben, aber wahr: Die Sicherheitslücke CVE-2009-0238 vom Februar 2009, gegen die längst ein Update vorliegt, wird offenbar gerade aktiv in Angriffen ausgenutzt. Jedenfalls ist sie am 2026-04-14 in den KEV Katalog der CISA aufgenommen worden; die US-Behörden müssen innerhalb von zwei Wochen ihre Systeme aktualisieren. Betroffen sind

Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, 2007 SP1
Excel Viewer 2003 Gold und SP3
Excel Viewer
Compatibility Pack für Word, Excel, und PowerPoint 2007 Dateiformate SP1
Excel in Microsoft Office 2004 und 2008 for Mac

Ein Angreifer kann die volle Kontrolle über den

https://www.pc-fluesterer.info/wordpress/2026/04/16/antiker-fehler-in-ms-excel-wird-angegriffen/

#Empfehlung #Hintergrund #Warnung #cybercrime #exploits #Microsoft #office #sicherheit #unplugMicrosoft

1
0
0
12h ago

CVE-2026-33210

Overview

ruby
json

20 Mar 2026

Published

23 Mar 2026

Updated

CVSS v4.0

HIGH (8.3)

EPSS

0.03%

MITRE

KEV

Description

Ruby JSON is a JSON implementation for Ruby. From version 2.14.0 to before versions 2.15.2.1, 2.17.1.2, and 2.19.2, a format string injection vulnerability can lead to denial of service attacks or information disclosure, when the allow_duplicate_key: false parsing option is used to parse user supplied documents. This issue has been patched in versions 2.15.2.1, 2.17.1.2, and 2.19.2.

Statistics

1 Post
1 Interaction

Last activity: 19 hours ago

Bluesky

Lambda Watchdog @lambdawatchdog.bsky.social

🚨 New CRITICAL CVE detected in AWS Lambda 🚨 CVE-2026-33210 impacts json in 1 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/479 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless

0
1
0
19h ago