Hello Kubernetes Community,

Multiple issues in ingress-nginx are disclosed today and have been assigned
the following CVE IDs: CVE-2026-1580
<https://github.com/kubernetes/kubernetes/issues/136677>, CVE-2026-24512
<https://github.com/kubernetes/kubernetes/issues/136678>, CVE-2026-24513
<https://github.com/kubernetes/kubernetes/issues/136679>, CVE-2026-24514
<https://github.com/kubernetes/kubernetes/issues/136680>.

The most serious of these issues have been rated HIGH (CVSS calculator
<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H>,
score: 8.8).

Am I vulnerable?

These issues affect ingress-nginx. If you do not have ingress-nginx
installed on your cluster, you are not affected. You can check this by
running
`kubectl get pods --all-namespaces --selector app.kubernetes.io/name=ingress-nginx`.

Affected Versions

   - ingress-nginx: < v1.13.7
   - ingress-nginx: < v1.14.3
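
As an added example (not part of the advisory or the ingress-nginx project), the script below classifies controller image references against the versions listed here. It assumes each bound applies within its own minor release line; the helper names `image_tag` and `classify` and the sample references are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the advisory. Assumption: each "< vX.Y.Z" bound
# applies within its own minor line, and releases older than 1.13 are affected.

# Print the tag of an image reference, or nothing if it is pinned by digest only.
image_tag() {
    ref=${1%%@*}        # drop an "@sha256:..." digest suffix
    last=${ref##*/}     # last path component, so a registry port is not read as a tag
    case $last in
        *:*) printf '%s\n' "${last##*:}" ;;
    esac
}

# Print AFFECTED, FIXED or UNKNOWN for one controller image reference.
classify() {
    ver=$(image_tag "$1")
    ver=${ver#v}
    case $ver in
        [0-9]*.[0-9]*.[0-9]*) ;;
        *) echo UNKNOWN; return 0 ;;   # no tag, or a tag such as "latest"
    esac
    major=${ver%%.*}; rest=${ver#*.}
    minor=${rest%%.*}; patch=${rest#*.}
    patch=${patch%%[!0-9]*}            # keep only the leading digits of the patch
    case $major$minor in
        *[!0-9]*) echo UNKNOWN; return 0 ;;
    esac
    if [ "$major" -gt 1 ] || { [ "$major" -eq 1 ] && [ "$minor" -gt 14 ]; }; then
        echo FIXED                     # "any later version"
    elif [ "$major" -eq 1 ] && [ "$minor" -eq 13 ] && [ "$patch" -ge 7 ]; then
        echo FIXED
    elif [ "$major" -eq 1 ] && [ "$minor" -eq 14 ] && [ "$patch" -ge 3 ]; then
        echo FIXED
    else
        echo AFFECTED
    fi
}

# Constructed sample references; on a cluster, feed real ones from:
#   kubectl get pods --all-namespaces --selector app.kubernetes.io/name=ingress-nginx \
#     -o jsonpath='{.items[*].spec.containers[*].image}' | tr -s '[:space:]' '\n'
for img in \
    registry.k8s.io/ingress-nginx/controller:v1.13.6@sha256:0000 \
    registry.k8s.io/ingress-nginx/controller:v1.14.3 \
    registry.example:5000/mirror/controller@sha256:0000
do
    printf '%s\t%s\n' "$(classify "$img")" "$img"
done
```

An UNKNOWN result means the reference carries no version tag, so the running version has to be confirmed another way.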

How do I mitigate this vulnerability?

ACTION REQUIRED: The following steps must be taken to mitigate this
vulnerability: Upgrade ingress-nginx to v1.13.7, v1.14.3, or any later
version.

Certain of these issues can be partially mitigated before patching. Please
see their respective GitHub issues.

Fixed Versions

   - ingress-nginx: v1.13.7
   - ingress-nginx: v1.14.3

How to upgrade?

To upgrade, refer to the documentation: Upgrading Ingress-nginx
<https://kubernetes.github.io/ingress-nginx/deploy/upgrade/>

Detection

Detection information for most of the vulnerabilities can be found in their
respective GitHub issues.

If you find evidence that this vulnerability has been exploited, please
contact [email protected]

Additional Details

For further information, please see the following GitHub issues:


   - CVE-2026-1580 <https://github.com/kubernetes/kubernetes/issues/136677>
   - CVE-2026-24512 <https://github.com/kubernetes/kubernetes/issues/136678>
   - CVE-2026-24513 <https://github.com/kubernetes/kubernetes/issues/136679>
   - CVE-2026-24514 <https://github.com/kubernetes/kubernetes/issues/136680>


Thank You,

Tabitha Sable, on behalf of the Kubernetes Security Response Committee
