Nginx UI is a web user interface for the Nginx web server. In versions 2.3.5 and prior, the nginx-ui MCP (Model Context Protocol) integration exposes two HTTP endpoints: /mcp and /mcp_message. While /mcp requires both IP whitelisting and authentication (AuthRequired() middleware), the /mcp_message endpoint only applies IP whitelisting - and the default IP whitelist is empty, which the middleware treats as "allow all". This means any network attacker can invoke all MCP tools without authentication, including restarting nginx, creating/modifying/deleting nginx configuration files, and triggering automatic config reloads - achieving complete nginx service takeover. At time of publication, there are no publicly available patches.
The MCP (Model Context Protocol) integration in Nginx UI exposes two HTTP endpoints: /mcp and /mcp_message. The /mcp endpoint requires both IP whitelisting and authentication (AuthRequired() middleware), while /mcp_message applies only IP whitelisting. Since the default list of allowed IP addresses is empty, the middleware treats this state as 'allow all'. As a result, any network attacker can call all MCP tools without authentication, including restarting Nginx, creating, modifying and deleting configuration files, and forcing their reload.
An attacker without any privileges can completely take over the Nginx service — modify its configuration, destroy configuration files or cause service unavailability (DoS). Manipulation of network traffic handled by the Nginx server is also possible.
At the time of CVE publication there are no publicly available patches. You should monitor the vendor's repository at https://github.com/0xJacky/nginx-ui and apply available updates immediately upon release. Until a patch becomes available, it is recommended to restrict network access to the /mcp and /mcp_message endpoints using external access control mechanisms (e.g., firewall, reverse proxy with enforced authentication) or disable MCP integration if not required.
Nginx UI versions 2.3.5 and earlier with MCP integration enabled
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HNginxui nginx Ui
APPNginxui≤ 2.3.5
Related vulnerabilities
Nginx UI: nieuwierzytelnione RCE przez endpoint przywracania kopii zapasowej
Nginx UI: manipulacja zaszyfrowanymi kopiami zapasowymi i wstrzyknięcie konfiguracji
Nginx UI: nieuwierzytelniony dostęp do backupu z ujawnieniem kluczy szyfrowania
Nginx-UI: path traversal w imporcie certyfikatów umożliwia RCE
Nginx UI is a web user interface for the Nginx web server. In 2.3.4 and earlier, an authenticated user can per...