CVE-2026-33032 – nginx-ui Critical Remote Code Execution Vulnerability
CVSS 9.8
CRITICAL
“One exposed admin interface is all it takes to hand over the keys.”
A critical vulnerability in nginx-ui, tracked as CVE-2026-33032, has been addressed with a security patch. The CVSS score is 9.8, which is Critical severity, signaling maximum risk. This issue could allow attackers to execute arbitrary code, potentially taking full control of affected systems through the management interface.
The presence of a verified proof-of-concept increases the urgency, as it lowers the barrier for exploitation and accelerates attacker adoption. Systems running nginx-ui in exposed or improperly secured environments are especially at risk, making rapid patching essential to prevent compromise.
Key Details
- Affected Product
- Nginxui Nginx Ui
- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- None
- CWE Classification
- CWE-306
Patch this CVE on all your endpoints in under 5 minutes.
First 200 endpoints are free forever, scale as needed.