Hello Kubernetes Community,
Multiple issues in ingress-nginx are being disclosed today and have been assigned the following CVE IDs: CVE-2026-1580, CVE-2026-24512, CVE-2026-24513, CVE-2026-24514.
The most serious of these issues have been rated HIGH (CVSS calculator, score: 8.8).
Am I vulnerable?
This issue affects ingress-nginx. If you do not have ingress-nginx installed on your cluster, you are not affected. You can check this by running kubectl get pods --all-namespaces --selector app.kubernetes.io/name=ingress-nginx.
Affected Versions
- ingress-nginx: < v1.13.7
- ingress-nginx: < v1.14.3
How do I mitigate this vulnerability?
ACTION REQUIRED: The following steps must be taken to mitigate this vulnerability: Upgrade ingress-nginx to v1.13.7, v1.14.3, or any later version.
Certain of these issues can be partially mitigated before patching. Please see their respective GitHub issues.
Fixed Versions
- ingress-nginx: v1.13.7
- ingress-nginx: v1.14.3
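The pod check from "Am I vulnerable?" can be extended to compare each controller image tag against the fixed versions listed above. This is an added example, not part of the advisory or the ingress-nginx project; the function names, the constructed sample pod list, and the reading of the version ranges stated in the comments are assumptions.

```shell
#!/bin/sh
# Added example, not from the advisory. Assumption: the 1.14 line is fixed from
# v1.14.3; the 1.13 line and every older line is fixed only from v1.13.7.
# is_affected TAG: returns 0 = affected, 1 = fixed, 2 = not a vX.Y.Z tag
is_affected() {
    v=${1#v}; v=${v%%-*}            # drop "v" prefix and any "-suffix"
    case "$v" in
        *[!0-9.]*|*.*.*.*|.*|*.|*..*) return 2 ;;
        *.*.*) ;;
        *) return 2 ;;
    esac
    major=${v%%.*}; rest=${v#*.}; minor=${rest%%.*}; patch=${rest#*.}
    [ "$major" -lt 1 ] && return 0
    [ "$major" -gt 1 ] && return 1
    [ "$minor" -lt 13 ] && return 0
    if [ "$minor" -eq 13 ]; then [ "$patch" -lt 7 ] && return 0; return 1; fi
    if [ "$minor" -eq 14 ]; then [ "$patch" -lt 3 ] && return 0; return 1; fi
    return 1                        # lines newer than 1.14 are treated as fixed
}

# audit_images: reads "namespace/pod image" lines on stdin, prints a verdict per
# pod, returns 1 if any pod is affected or cannot be classified.
audit_images() {
    bad=0
    while read -r pod image; do
        [ -n "$pod" ] || continue
        tag=${image%%@*}; tag=${tag##*:}   # strip digest, keep text after last ":"
        rc=0; is_affected "$tag" || rc=$?
        case $rc in
            0) echo "AFFECTED $pod $tag"; bad=1 ;;
            1) echo "FIXED    $pod $tag" ;;
            *) echo "UNKNOWN  $pod $image"; bad=1 ;;
        esac
    done
    return $bad
}

# Live use (assumes the controller is the first container in each pod):
#   kubectl get pods --all-namespaces --selector app.kubernetes.io/name=ingress-nginx \
#     -o jsonpath='{range .items[*]}{.metadata.namespace}/{.metadata.name} {.spec.containers[0].image}{"\n"}{end}' \
#     | audit_images

# Constructed sample input (not real cluster output; the digest is a placeholder).
sample_pods() {
    printf '%s\n' \
        'ingress-nginx/controller-a registry.k8s.io/ingress-nginx/controller:v1.13.6@sha256:0000' \
        'ingress-nginx/controller-b registry.k8s.io/ingress-nginx/controller:v1.14.3' \
        'edge/controller-c registry.k8s.io/ingress-nginx/controller:v1.14.2'
}
sample_pods | audit_images || echo "at least one pod needs upgrading"
```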
How to upgrade?
To upgrade, refer to the documentation: Upgrading Ingress-nginx
Detection
Detection information for most of the vulns can be found in their respective GitHub issues.
If you find evidence that this vulnerability has been exploited, please contact security@kubernetes.io
Additional Details
For further information, please see the following GitHub issues:
Thank You,
Tabitha Sable, on behalf of the Kubernetes Security Response Committee