NGINX is a reverse proxy/load balancer that typically acts as the front-end internet traffic receiver and directs it to the application service for data transformation. Ingress NGINX is a version used in Kubernetes as the controller for traffic coming into the infrastructure. It takes care of mapping traffic to pods of containers running jobs without exposing the pods themselves. Meghu says Ingress NGINX is the primary traffic entry point, and is efficient because of its ability to reload its configuration on the fly, allowing it to adjust to changes within a Kubernetes cluster.
These vulnerabilities only affect Ingress NGINX versions 1.13.7 and below, and 1.14.3 and below, if they're installed on a Kubernetes cluster.
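To inventory a cluster against the ranges quoted above, the following added example (not code from the Ingress NGINX project or from the article) scans `kubectl get pods -A -o json` output for controller images. It assumes the upstream image name `ingress-nginx/controller` with a version tag, and reads the article's two bounds as applying per release line; the sample pod list is constructed.

```python
import json
import re
import sys

# Upper bound per release line, as this article states the affected ranges
# ("1.13.7 and below, and 1.14.3 and below"). Assumption: each bound applies
# to its own minor line; confirm against the upstream advisory.
AFFECTED_UP_TO = {(1, 13): (1, 13, 7), (1, 14): (1, 14, 3)}

# Assumes the upstream image name, e.g. .../ingress-nginx/controller:v1.13.5
# Images pinned by digest only carry no version and are not matched.
IMAGE_RE = re.compile(r"ingress-nginx/controller(?:-chroot)?:v?(\d+)\.(\d+)\.(\d+)")

# Constructed sample shaped like `kubectl get pods -A -o json` output.
SAMPLE = {"items": [
    {"metadata": {"namespace": "ingress-nginx", "name": "ctrl-a"},
     "spec": {"containers": [
         {"image": "registry.k8s.io/ingress-nginx/controller:v1.13.5@sha256:0000"}]}},
    {"metadata": {"namespace": "edge", "name": "ctrl-b"},
     "spec": {"containers": [
         {"image": "registry.k8s.io/ingress-nginx/controller:v1.14.4"}]}},
    {"metadata": {"namespace": "web", "name": "app"},
     "spec": {"containers": [{"image": "nginx:1.27"}]}},
]}


def is_affected(version):
    """True if (major, minor, patch) falls in a range the article lists."""
    bound = AFFECTED_UP_TO.get(version[:2])
    if bound is not None:
        return version <= bound
    # Release lines older than 1.13 sit below both stated bounds.
    return version < (1, 13, 0)


def find_controllers(pod_list):
    """Return (namespace, pod, version, affected) for each controller container."""
    found = []
    for pod in pod_list.get("items", []):
        meta = pod.get("metadata", {})
        for container in pod.get("spec", {}).get("containers", []):
            match = IMAGE_RE.search(container.get("image", ""))
            if match:
                version = tuple(int(part) for part in match.groups())
                found.append((meta.get("namespace"), meta.get("name"),
                              version, is_affected(version)))
    return found


if __name__ == "__main__":
    # Pipe kubectl JSON in on stdin; with a terminal attached, use the sample.
    data = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for ns, name, version, affected in find_controllers(data):
        label = "AFFECTED" if affected else "ok"
        print(f"{ns}/{name} v{'.'.join(map(str, version))} {label}")
```

Mirrored or renamed controller images will not match the pattern, so extend `IMAGE_RE` for a private registry's naming.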
The warning comes just weeks before support for Ingress NGINX ends, as announced at KubeCon in November. Beginning in March, the project will no longer receive active maintenance, security patches, or bug fixes.
Experts have been urging Kubernetes administrators to shift to a new controller ever since. They recommend Kubernetes Gateway API as the standard for traffic management. Meghu notes it's vendor neutral and widely used. Other options are controllers such as Cilium Ingress, Traefik, or HAProxy Ingress.
In addition to CVE-2026-24512, the other new vulnerabilities are CVE-2026-24513, considered by Meghu a low risk since an attacker would need to have a config containing specific errors to exploit, and CVE-2026-24514, which Meghu considers a medium risk. The controller could be subject to a denial of service if an attacker overwhelms it with requests.
These are just the latest issues with Ingress NGINX. Just over a year ago, researchers at Wiz discovered a group of holes dubbed IngressNightmare. They can allow unauthenticated users to inject malicious NGINX configurations and execute malicious code in the Ingress NGINX pod, potentially exposing all cluster secrets and leading to cluster takeover.
