NGINX is a reverse proxy/load balancer that generally acts as the front-end web traffic receiver and directs it to the application service for data transformation. Ingress NGINX is a version used in Kubernetes as the controller for traffic coming into the infrastructure. It takes care of mapping traffic to pods of containers running jobs without exposing the pods themselves. Meghu says Ingress NGINX is the primary traffic entry point, and is effective due to its ability to reload its configuration on the fly, allowing it to adjust to changes inside a Kubernetes cluster.
These vulnerabilities only affect Ingress NGINX versions 1.13.7 and below, and 1.14.3 and below, if they are installed on a Kubernetes cluster.
The warning comes just weeks before, as announced at KubeCon in November, support for Ingress NGINX ends. Starting in March, the project will no longer receive active maintenance, security patches, or bug fixes.
Experts have been urging Kubernetes administrators to shift to a new controller ever since. They recommend Kubernetes Gateway API as the standard for traffic management. Meghu notes it is vendor neutral and widely used. Other options are controllers such as Cilium Ingress, Traefik, or HAProxy Ingress.
In addition to CVE-2026-24512, the other new vulnerabilities are CVE-2026-24513, considered by Meghu a low risk since an attacker needs to have a config containing specific errors to exploit, and CVE-2026-24514, which Meghu considers a medium risk. The controller could be subject to a denial of service if an attacker overwhelms it with requests.
These are just the most recent issues with Ingress NGINX. Just over a year ago, researchers at Wiz discovered a group of holes dubbed IngressNightmare. They can allow unauthenticated users to inject malicious NGINX configurations and execute malicious code into the Ingress NGINX pod, potentially exposing all cluster secrets and leading to cluster takeover.
