Critical Nginx UI Vulnerability Actively Exploited, Exposing Servers to Hacking
Security researchers confirm active exploitation of CVE-2026-33032, a critical remote takeover flaw in the Nginx UI management tool, affecting over 2,600 internet-exposed instances.
Key Points
- CVE-2026-33032 allows unauthenticated attackers to take full control of Nginx servers
- Over 2,600 internet-exposed instances observed in the wild
- Vulnerability is among 31 high-impact flaws exploited in March 2026
Full Details
On April 15, 2026, security researchers from Pluto Security reported active exploitation of CVE-2026-33032, a critical vulnerability in the Nginx UI management tool that allows unauthenticated attackers to take full control of servers. The vulnerability was responsibly disclosed to Nginx UI developers in March, but more than 2,600 internet-exposed instances have been observed in the wild. Threat intelligence firm Recorded Future noted that this flaw was among 31 high-impact vulnerabilities exploited in March 2026. Organizations using Nginx UI are urged to apply patches immediately to prevent server compromise and data breaches.
Why It Matters
This active exploitation highlights the urgent need for timely patching of critical vulnerabilities, as unsecured Nginx UI instances pose significant risks to web infrastructure and data security.
Get stories like this delivered daily
AI-curated news, personalized to your interests. Zero noise.
Start 7-Day Free Trial →More in Global News
Iran war: What is happening on day 51 of the US-Iran conflict?
On April 21, 2026, day 51 of the US-Iran conflict, the US is enforcing a maritime blockade of Iranian ports, with CENTCOM reporting that nine vessels complied with orders to turn back and at least one Iranian-flagged cargo ship was redirected after departing Bandar Abbas. The US has imposed new sanctions on 29 individuals, companies, and vessels linked to Iranian oil smuggling. Iran has shifted all schools to virtual learning and kept the Strait of Hormuz closed after briefly reopening it. Negot
Bodies of 50 infants dumped at Trinidad graveyard
Police say a preliminary investigation shows it may be a case of an "unlawful disposal of unclaimed corpses".
Iran war live: Hormuz Strait ‘closed’ as Tehran says no date for US talks
Iran’s Islamic Revolutionary Guard Corps Navy announced on Saturday that the Strait of Hormuz remains closed, warning that any vessel attempting to pass will be targeted. The closure, which reversed a decision to reopen the strait less than 24 hours earlier, will stay in force until the United States lifts its naval blockade of Iranian ports, which Tehran calls a violation of the cease-fire. Top negotiator Mohammad Bagher Ghalibaf claimed “progress” in talks with the U.S. but added that a “big d
Iran war live: Tehran says no date set for US talks, Hormuz Strait closed
IRGC says the Strait of Hormuz will remain closed until the US stops blockading Iranian ports.