{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24513", "assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565", "state": "PUBLISHED", "assignerShortName": "kubernetes", "dateReserved": "2026-01-23T06:54:35.913Z", "datePublished": "2026-02-03T22:17:17.315Z", "dateUpdated": "2026-02-18T17:29:42.496Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "ingress-nginx", "repo": "https://github.com/kubernetes/ingress-nginx", "vendor": "Kubernetes", "versions": [{"lessThan": "1.13.7", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThan": "1.14.3", "status": "affected", "version": "0", "versionType": "semver"}]}], "datePublic": "2026-02-02T14:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A security issue was discovered in ingress-nginx where the protection afforded by the `auth-url` Ingress annotation may not be effective in the presence of a specific misconfiguration.<br>If the ingress-nginx controller is configured with a default custom-errors configuration that includes HTTP errors 401 or 403, and if the configured default custom-errors backend is defective and fails to respect the X-Code HTTP header, then an Ingress with the `auth-url` annotation may be accessed even when authentication fails.<br>Note that the built-in custom-errors backend works correctly. To trigger this issue requires an administrator to specifically configure ingress-nginx with a broken external component."}], "value": "A security issue was discovered in ingress-nginx\u00a0where the protection afforded by the `auth-url` Ingress annotation may not be effective in the presence of a specific misconfiguration.\n\nIf the ingress-nginx controller is configured with a default custom-errors configuration that includes HTTP errors 401 or 403, and if the configured default custom-errors backend is defective and fails to respect the X-Code HTTP header, then an Ingress with the `auth-url` annotation may be accessed even when authentication fails.\n\nNote that the built-in custom-errors backend works correctly. To trigger this issue requires an administrator to specifically configure ingress-nginx with a broken external component."}], "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-754", "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a6081bf6-c852-4425-ad4f-a67919267565", "shortName": "kubernetes", "dateUpdated": "2026-02-18T17:29:42.496Z"}, "references": [{"url": "https://github.com/kubernetes/kubernetes/issues/136679"}], "credits": [{"lang": "en", "value": "Aurelia Schittler", "type": "finder"}], "source": {"discovery": "UNKNOWN"}, "title": "ingress-nginx auth-url protection bypass", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-04T18:20:39.187137Z", "id": "CVE-2026-24513", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-04T18:21:14.824Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24513", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-04T18:20:39.187137Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-04T18:20:54.231Z"}}], "cna": {"title": "ingress-nginx auth-url protection bypass", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Aurelia Schittler"}], "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.1, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/kubernetes/ingress-nginx", "vendor": "Kubernetes", "product": "ingress-nginx", "versions": [{"status": "affected", "version": "0", "lessThan": "1.13.7", "versionType": "semver"}, {"status": "affected", "version": "0", "lessThan": "1.14.3", "versionType": "semver"}], "defaultStatus": "affected"}], "datePublic": "2026-02-02T14:00:00.000Z", "references": [{"url": "https://github.com/kubernetes/kubernetes/issues/136679"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "A security issue was discovered in ingress-nginx\u00a0where the protection afforded by the `auth-url` Ingress annotation may not be effective in the presence of a specific misconfiguration.\n\nIf the ingress-nginx controller is configured with a default custom-errors configuration that includes HTTP errors 401 or 403, and if the configured default custom-errors backend is defective and fails to respect the X-Code HTTP header, then an Ingress with the `auth-url` annotation may be accessed even when authentication fails.\n\nNote that the built-in custom-errors backend works correctly. To trigger this issue requires an administrator to specifically configure ingress-nginx with a broken external component.", "supportingMedia": [{"type": "text/html", "value": "A security issue was discovered in ingress-nginx where the protection afforded by the `auth-url` Ingress annotation may not be effective in the presence of a specific misconfiguration.<br>If the ingress-nginx controller is configured with a default custom-errors configuration that includes HTTP errors 401 or 403, and if the configured default custom-errors backend is defective and fails to respect the X-Code HTTP header, then an Ingress with the `auth-url` annotation may be accessed even when authentication fails.<br>Note that the built-in custom-errors backend works correctly. To trigger this issue requires an administrator to specifically configure ingress-nginx with a broken external component.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-754", "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions"}]}], "providerMetadata": {"orgId": "a6081bf6-c852-4425-ad4f-a67919267565", "shortName": "kubernetes", "dateUpdated": "2026-02-18T17:29:42.496Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24513", "state": "PUBLISHED", "dateUpdated": "2026-02-18T17:29:42.496Z", "dateReserved": "2026-01-23T06:54:35.913Z", "assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565", "datePublished": "2026-02-03T22:17:17.315Z", "assignerShortName": "kubernetes"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A security issue was discovered in ingress-nginx\u00a0where the protection afforded by the `auth-url` Ingress annotation may not be effective in the presence of a specific misconfiguration.\n\nIf the ingress-nginx controller is configured with a default custom-errors configuration that includes HTTP errors 401 or 403, and if the configured default custom-errors backend is defective and fails to respect the X-Code HTTP header, then an Ingress with the `auth-url` annotation may be accessed even when authentication fails.\n\nNote that the built-in custom-errors backend works correctly. To trigger this issue requires an administrator to specifically configure ingress-nginx with a broken external component."}, {"lang": "es", "value": "Se descubri\u00f3 un problema de seguridad en ingress-nginx donde la protecci\u00f3n ofrecida por la anotaci\u00f3n Ingress 'auth-url' podr\u00eda no ser efectiva en presencia de una configuraci\u00f3n err\u00f3nea espec\u00edfica.\n\nSi el controlador ingress-nginx est\u00e1 configurado con una configuraci\u00f3n predeterminada de errores personalizados que incluye errores HTTP 401 o 403, y si el backend predeterminado de errores personalizados configurado es defectuoso y no respeta el encabezado HTTP X-Code, entonces se podr\u00eda acceder a un Ingress con la anotaci\u00f3n 'auth-url' incluso cuando la autenticaci\u00f3n falla.\n\nTenga en cuenta que el backend de errores personalizados integrado funciona correctamente. Para activar este problema se requiere que un administrador configure espec\u00edficamente ingress-nginx con un componente externo defectuoso."}], "id": "CVE-2026-24513", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 1.4, "source": "jordan@liggitt.net", "type": "Secondary"}]}, "published": "2026-02-03T23:16:07.130", "references": [{"source": "jordan@liggitt.net", "url": "https://github.com/kubernetes/kubernetes/issues/136679"}], "sourceIdentifier": "jordan@liggitt.net", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-754"}], "source": "jordan@liggitt.net", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-17T23:59:30.743064+00:00", "value": {"mitigation_remediation": ["Verify that the custom-errors backend validates and respects the X-Code header, or use the default built\u2011in backend.", "Remove or correct any custom-errors configuration that maps 401 or 403 to a defective backend.", "Apply the latest ingress-nginx release that addresses this issue or consult vendor advisories for updates."], "summary": {"action": "Apply Fix", "impact": "Bypass of authentication protection in ingress-nginx"}, "threat_synthesis": {"affected_systems": "Affected deployments are Kubernetes ingress-nginx controllers that have been configured with a broken external custom-errors backend and that use the auth-url annotation for authentication. No specific product version is identified, so any release of ingress-nginx that allows this misconfiguration is potentially impacted.", "description_and_impact": "The vulnerability arises when ingress-nginx is configured with a default custom-errors mapping that includes HTTP error codes 401 or 403 and a defective external custom-errors backend that does not honor the X-Code header. Under these conditions, an Ingress resource annotated with auth-url can be accessed even though authentication has failed, effectively bypassing the intended protection. The consequence is that an attacker can reach resources behind the ingress without valid credentials, potentially exposing sensitive data or services.", "risk_and_exploitability": "The CVSS score of 3.1 indicates low severity, and the EPSS score of less than 1% suggests a very low probability of exploitation. The vulnerability is not in the CISA KEV catalog. Exploitation requires an administrator to configure a faulty custom-errors backend; thus the attack vector is limited to privileged access or supply of misconfigured components. The risk to most environments is low unless the misconfiguration exists."}}}}, "created": "2026-02-04T12:05:46.438518+00:00", "updated": "2026-04-18T00:00:09.500337+00:00", "vendors": ["kubernetes", "kubernetes$PRODUCT$ingress-nginx"]}