{"data":{"id":"6a71a10e-7208-429a-b967-a2df700a2431","title":"Critical Nginx UI auth bypass flaw now actively exploited in the wild","summary":"A critical vulnerability in Nginx UI (CVE-2026-33032) leaves an unprotected endpoint that allows attackers to invoke privileged actions without logging in, enabling complete takeover of the web server by modifying configuration files. The flaw is being actively exploited in the wild, with over 2,600 publicly exposed instances at risk. Nginx UI is a popular web-based management interface for the Nginx web server, used by many organizations to control their servers.","solution":"The Nginx UI project released a fix in version 2.3.4 on March 15. The latest secure version is 2.3.6, released the week after the source was published. System administrators are advised to apply these security updates as soon as possible.","labels":["security"],"sourceUrl":"https://www.bleepingcomputer.com/news/security/critical-nginx-ui-auth-bypass-flaw-now-actively-exploited-in-the-wild/","publishedAt":"2026-04-15T22:35:09.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"critical","attackType":["other"],"issueType":"news","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Nginx UI","Pluto Security AI"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-04-15T22:35:09.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity","availability"],"aiComponentTargeted":"inference","llmSpecific":false,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":null}}