A vulnerability described as critical has been identified in 0xJacky nginx-ui up to 2.3.5. The impacted element is the function AuthRequired of the file /mcp of the component Model Context Protocol. The manipulation results in missing authentication. This vulnerability is known as CVE-2026-33032. It is possible to launch the attack remotely. No exploit is available.