Impact:
The NGINX Ingress Controller control plane process terminates and enters a persistent crash loop while the malformed Ingress or TransportServer resource remains in the cluster. This vulnerability allows a remote, authenticated attacker with at least Ingress or TransportServer resource write access to cause a denial-of-service (DoS) on the NGINX Ingress Controller system. There is no data plane exposure; this is a control plane issue only.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
No analysis available yet.
No remediation available yet.
Tracking
Sign in to view the affected projects.
No advisories yet.
| Link | Providers |
|---|---|
| https://my.f5.com/manage/s/article/K000161834 |
|
Wed, 15 Jul 2026 19:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
F5
F5 nginx Ingress Controller |
|
| Vendors & Products |
F5
F5 nginx Ingress Controller |
Wed, 15 Jul 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 15 Jul 2026 15:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | When NGINX Ingress Controller processes Ingress or TransportServer resources, an authenticated, remote attacker with permission to create or modify Ingress or TransportServer resources can cause the NGINX Ingress Controller process to terminate. Impact: The NGINX Ingress Controller control plane process terminates and enters a persistent crash loop while the malformed Ingress or TransportServer resource remains in the cluster. This vulnerability allows a remote, authenticated attacker with at least Ingress or TransportServer resource write access to cause a denial-of-service (DoS) on the NGINX Ingress Controller system. There is no data plane exposure; this is a control plane issue only. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |
| Title | NGINX Ingress Controller vulnerability | |
| Weaknesses | CWE-476 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: f5
Published:
Updated: 2026-07-15T15:36:57.172Z
Reserved: 2026-06-17T23:45:50.281Z
Link: CVE-2026-52865
Updated: 2026-07-15T15:36:53.176Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-15T19:15:14Z
-
CWE-476
NULL Pointer Dereference