<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Cve-2026-33032 on HackingPassion.com : root@HackingPassion.com-[~]</title><link>https://hackingpassion.com/tags/cve-2026-33032/</link><description>Recent content in Cve-2026-33032 on HackingPassion.com : root@HackingPassion.com-[~]</description><generator>Hugo</generator><language>en</language><lastBuildDate>Thu, 16 Apr 2026 11:11:43 +0200</lastBuildDate><atom:link href="https://hackingpassion.com/tags/cve-2026-33032/index.xml" rel="self" type="application/rss+xml"/><item><title>Nginx-UI MCPwn (CVE-2026-33032): Full Server Takeover With One Unauthenticated Request</title><link>https://hackingpassion.com/nginx-ui-mcpwn-cve-2026-33032/</link><pubDate>Thu, 16 Apr 2026 11:11:43 +0200</pubDate><guid>https://hackingpassion.com/nginx-ui-mcpwn-cve-2026-33032/</guid><description>&lt;p>A critical vulnerability in nginx-ui has been actively exploited since March 2026, and it gives any attacker on the network full control over the nginx server behind it without a single credential. &lt;strong>CVE-2026-33032&lt;/strong> scores &lt;strong>9.8 on the CVSS scale&lt;/strong>, sits inside an AI integration that was added to the tool in late 2025, and the entire root cause turned out to be 27 characters of missing code. Recorded Future assigned it a risk score of &lt;strong>94 out of 100&lt;/strong>. The researchers who found it named it &lt;strong>MCPwn&lt;/strong>. 😏&lt;/p></description></item></channel></rss>