Critical Nginx UI auth bypass flaw now actively exploited in the wild
Over Security - Cybersecurity news aggregator [Unofficial]
April 15, 2026
A critical vulnerability in Nginx UI with Model Context Protocol (MCP) support is now being exploited in the wild for full server takeover without authentication.
Discussion in the ATmosphere