CVE-2026-33032 | 0xJacky nginx-ui up to 2.3.5 Model Context Protocol /mcp AuthRequired missing authentication (GHSA-h6c2-x2m2-mwhf)

A vulnerability described as critical has been identified in 0xJacky nginx-ui up to 2.3.5. The impacted element is the function AuthRequired of the file /mcp of the component Model Context Protocol. The manipulation results in missing authentication.

This vulnerability is known as CVE-2026-33032. It is possible to launch the attack remotely. No exploit is available.VulDB Recent EntriesRead More