[Security Advisory] Multiple issues in ingress-nginx

871 views

Skip to first unread message

Tabitha Sable

unread,

Feb 2, 2026, 11:43:08 AM (yesterday) Feb 2

to kubernete...@googlegroups.com, dev, kubernetes-sec...@googlegroups.com, kubernetes-se...@googlegroups.com, distributo...@kubernetes.io

Hello Kubernetes Community,

Multiple issues are disclosed today in ingress-nginx, and assigned the following CVE IDs: CVE-2026-1580, CVE-2026-24512, CVE-2026-24513, CVE-2026-24514.

The most serious of these issues have been rated HIGH (CVSS calculator, score: 8.8).

Am I vulnerable?

This issue affects ingress-nginx. If you do not have ingress-nginx installed on your cluster, you are not affected. You can check this by running `kubectl get pods --all-namespaces --selector app.kubernetes.io/name=ingress-nginx`.

Affected Versions

ingress-nginx: < v1.13.7
ingress-nginx: < v1.14.3

How do I mitigate this vulnerability?

ACTION REQUIRED: The following steps must be taken to mitigate this vulnerability: Upgrade ingress-nginx to v1.13.7, v1.14.3, or any later version.

Certain of these issues can be partially mitigated before patching. Please see their respective GitHub issues.

Fixed Versions

ingress-nginx: v1.13.7
ingress-nginx: v1.14.3

How to upgrade?

To upgrade, refer to the documentation: Upgrading Ingress-nginx

Detection

Detection information for most of the vulns can be found in their respective GitHub issues.

If you find evidence that this vulnerability has been exploited, please contact secu...@kubernetes.io

Additional Details

For further information, please see the following GitHub issues:

Thank You,

Tabitha Sable, on behalf of the Kubernetes Security Response Committee

Reply all

Reply to author

Forward

0 new messages