CVE-2026-24514

A security issue was discovered in ingress-nginx where the validating admission controller feature is subject to a denial of service condition. By sending large requests to the validating admission controller, an attacker can cause memory consumption, which may result in the ingress-nginx controller pod being killed or the node running out of memory.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/kubernetes/kubernetes/issues/136680

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Se descubrió un problema de seguridad en ingress-nginx donde la característica del controlador de admisión validador está sujeta a una condición de denegación de servicio. Al enviar solicitudes grandes al controlador de admisión validador, un atacante puede causar consumo de memoria, lo que puede resultar en la terminación del pod del controlador ingress-nginx o en que el nodo se quede sin memoria.

03 Feb 2026, 23:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-03 23:16

Updated : 2026-04-15 00:35

NVD link : CVE-2026-24514

Mitre link : CVE-2026-24514

CVE.ORG link : CVE-2026-24514

JSON object : View

Products Affected

No product.

CWE

CWE-770

Allocation of Resources Without Limits or Throttling

6.5 /10