MCPwn Flaw in Nginx UI Becomes the First Major MCP Vulnerability Exploited in the Wild
A missing authentication check on a Model Context Protocol endpoint in nginx-ui exposes roughly 2,600 servers to full takeover, and unauthenticated exploitation is practical when paired with a second flaw that leaks a required node secret.
5 min read4 sources