CVE-2026-33032 — Vulnetix

CVE-2026-33032 PUBLISHED CVSS 8.600000381469727 HIGH

On April 10, 2026, Nginx UI published a security advisory to address a critical vulnerability in the following product: Nginx UI – version v2.3.5 and prior Open-source reporting indicates that the CVE-2026-33032 vulnerability is being exploited in the wild. The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates, when available.

Risk Scores

CVSS v4.0

8.600000381469727

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products

Vendor	Product	Versions
Nginx	Nginx UI – version v2.3.5 and prior

Timeline

CVE Published
Mar 30, 2026 PoC Published
Mar 30, 2026 Security Advisory
Apr 21, 2026 PoC Published

References

https://cyber.gc.ca/en/alerts-advisories/nginx-ui-security-advisory-av26-360 advisory
https://github.com/0xJacky/nginx-ui/releases/tag/v2.3.6 vendor
https://nvd.nist.gov/vuln/detail/CVE-2026-33032 vendor

Open in Interactive Console →