CVE-2026-33032
Nginx UI (Open Source) · Nginx UI
Nginx UI versions 2.3.5 and prior are vulnerable to an authentication bypass on the /mcp_message endpoint, allowing unauthenticated attackers to take full control of the Nginx service.
Executive summary
A critical authentication bypass in Nginx UI allows unauthenticated network attackers to modify configurations and take over the Nginx service, because the default IP whitelist is empty and an empty whitelist is treated as "allow all."
Vulnerability
The /mcp_message endpoint in the Nginx UI MCP integration lacks mandatory authentication. While it relies on an IP whitelist, the default configuration is empty, which the software interprets as "allow all." This allows any network-adjacent attacker to invoke tools for restarting Nginx or modifying its configuration files without credentials.
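The failure mode described above, shown as an added illustration rather than the project's own code: a permissive allowlist check that treats an empty list as "allow everyone", beside a fail-closed version that denies when the list is empty or malformed and grants access only on an explicit match. The entry formats (single address or CIDR), the function names and the sample client addresses are assumptions made for this example.

```go
package main

import (
	"errors"
	"fmt"
	"net/netip"
	"strings"
)

// matchEntry reports whether clientAddr matches one allowlist entry, which may
// be a single address ("192.0.2.10") or a CIDR prefix ("10.0.0.0/24").
// An entry that does not parse is an error rather than a silent non-match.
func matchEntry(entry string, clientAddr netip.Addr) (bool, error) {
	entry = strings.TrimSpace(entry)
	if strings.Contains(entry, "/") {
		prefix, err := netip.ParsePrefix(entry)
		if err != nil {
			return false, fmt.Errorf("bad allowlist entry %q: %w", entry, err)
		}
		return prefix.Contains(clientAddr), nil
	}
	addr, err := netip.ParseAddr(entry)
	if err != nil {
		return false, fmt.Errorf("bad allowlist entry %q: %w", entry, err)
	}
	return addr == clientAddr, nil
}

// permissiveAllowed reproduces the weak semantics the advisory describes:
// an empty allowlist means "allow everyone", so a default, unconfigured
// install exposes the endpoint to any client. (Illustration only, not the
// project's code.)
func permissiveAllowed(allowlist []string, clientIP string) bool {
	if len(allowlist) == 0 {
		return true // the flaw: a missing setting disables the control entirely
	}
	clientAddr, err := netip.ParseAddr(clientIP)
	if err != nil {
		return false
	}
	for _, entry := range allowlist {
		if ok, err := matchEntry(entry, clientAddr); err == nil && ok {
			return true
		}
	}
	return false
}

// failClosedAllowed is the hardened form: an empty allowlist denies every
// client, an unparsable entry or client address is an error (also a deny),
// and only an explicit match grants access. Session authentication must still
// be enforced separately; this check is a second layer, not a replacement.
func failClosedAllowed(allowlist []string, clientIP string) (bool, error) {
	if len(allowlist) == 0 {
		return false, errors.New("allowlist is empty: refusing all clients")
	}
	clientAddr, err := netip.ParseAddr(clientIP)
	if err != nil {
		return false, fmt.Errorf("bad client address %q: %w", clientIP, err)
	}
	for _, entry := range allowlist {
		ok, err := matchEntry(entry, clientAddr)
		if err != nil {
			return false, err
		}
		if ok {
			return true, nil
		}
	}
	return false, nil
}

func main() {
	// Constructed sample: an unconfigured (empty) allowlist and an outside client.
	client := "203.0.113.9"
	fmt.Println("permissive, empty list:", permissiveAllowed(nil, client))
	ok, err := failClosedAllowed(nil, client)
	fmt.Println("fail-closed, empty list:", ok, err)
	ok, err = failClosedAllowed([]string{"10.0.0.0/24", "192.0.2.10"}, "10.0.0.7")
	fmt.Println("fail-closed, configured, internal client:", ok, err)
}
```

The design point is that absence of configuration must read as "deny", and a malformed entry must surface as an error at request time rather than being skipped; both are cheap to implement and remove the class of bug where a blank default silently disables an access control.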
Business impact
A successful exploit grants an attacker full control over the Nginx web server's configuration and operational state. This can lead to service downtime, unauthorized redirection of web traffic, and potential exposure of backend services. The CVSS score of 9.8 highlights the severity of allowing unauthenticated administrative actions.
Remediation
Immediate Action: Since no patch is currently available, administrators should immediately restrict access to the /mcp_message and /mcp endpoints via firewall rules or a reverse proxy.
Proactive Monitoring: Monitor Nginx configuration files for unauthorized changes and review Nginx UI logs for unexpected requests to the /mcp_message endpoint.
Compensating Controls: Manually configure the IP whitelist in the Nginx UI settings to include only trusted administrative IP addresses, ensuring it is not left empty.
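One way to carry out the log review called for under Proactive Monitoring, added here as an example and not taken from the project: it assumes Nginx UI sits behind a reverse proxy (as the Immediate Action item suggests) whose access log uses nginx's combined format, and it flags every request to /mcp or /mcp_message from an address outside a trusted administrative set. The log lines, the trusted address list and the function names are constructed for this example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Finding is one access-log line that touched an MCP endpoint from an
// address not in the trusted set.
type Finding struct {
	Line   int
	IP     string
	Method string
	Path   string
	Status string
}

// accessLineRE matches the start of an nginx "combined" log line:
// client IP, ident, user, [timestamp], "METHOD /path HTTP/x.y", status.
var accessLineRE = regexp.MustCompile(`^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+) [^"]*" (\d{3})`)

// mcpPaths are the endpoints named in the advisory. Query strings and a
// trailing slash are stripped before matching so "/mcp_message?x=1" and
// "/mcp/" are still caught.
var mcpPaths = map[string]bool{"/mcp_message": true, "/mcp": true}

// sampleLog is a constructed proxy access log for this example.
var sampleLog = []string{
	`10.0.0.5 - - [12/Mar/2026:10:01:02 +0000] "GET /api/settings HTTP/1.1" 200 512 "-" "Mozilla/5.0"`,
	`10.0.0.5 - - [12/Mar/2026:10:01:09 +0000] "POST /mcp_message?x=1 HTTP/1.1" 200 87 "-" "curl/8.5.0"`,
	`198.51.100.23 - - [12/Mar/2026:10:02:41 +0000] "POST /mcp_message HTTP/1.1" 200 87 "-" "python-requests/2.31"`,
	`198.51.100.23 - - [12/Mar/2026:10:02:42 +0000] "GET /mcp/ HTTP/1.1" 200 1024 "-" "python-requests/2.31"`,
	`203.0.113.7 - - [12/Mar/2026:10:03:00 +0000] "GET / HTTP/1.1" 200 3210 "-" "Mozilla/5.0"`,
}

// trustedAdmins is the constructed set of administrative addresses that are
// expected to reach the MCP endpoints at all.
var trustedAdmins = []string{"10.0.0.5"}

// FindUntrustedMCPRequests scans combined-format log lines and returns every
// request to an MCP endpoint whose client address is not in trustedIPs.
// Lines that do not parse are skipped rather than treated as findings.
func FindUntrustedMCPRequests(logLines []string, trustedIPs []string) []Finding {
	trusted := make(map[string]bool, len(trustedIPs))
	for _, ip := range trustedIPs {
		trusted[strings.TrimSpace(ip)] = true
	}
	var out []Finding
	for i, line := range logLines {
		m := accessLineRE.FindStringSubmatch(line)
		if m == nil {
			continue
		}
		ip, method, rawPath, status := m[1], m[2], m[3], m[4]
		path := rawPath
		if q := strings.IndexByte(path, '?'); q >= 0 {
			path = path[:q]
		}
		path = strings.TrimRight(path, "/")
		if path == "" {
			path = "/"
		}
		if !mcpPaths[path] || trusted[ip] {
			continue
		}
		out = append(out, Finding{Line: i + 1, IP: ip, Method: method, Path: path, Status: status})
	}
	return out
}

func main() {
	for _, f := range FindUntrustedMCPRequests(sampleLog, trustedAdmins) {
		fmt.Printf("line %d: %s %s from untrusted %s (status %s)\n",
			f.Line, f.Method, f.Path, f.IP, f.Status)
	}
}
```

Two successful (status 200) MCP requests from 198.51.100.23 are reported while the same endpoint called from the trusted administrative address is not; in a real deployment the trusted set should be the same addresses placed in the Nginx UI whitelist, so the log check and the access control agree.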
Exploitation status
Public Exploit Available: No
Analyst recommendation
In the absence of a vendor patch, organizations must implement strict network-level access controls to isolate the Nginx UI management interface. Restricting access to trusted internal IPs is a mandatory step to prevent unauthenticated takeover of the Nginx service.