{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24514", "assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565", "state": "PUBLISHED", "assignerShortName": "kubernetes", "dateReserved": "2026-01-23T06:54:35.913Z", "datePublished": "2026-02-03T22:17:25.137Z", "dateUpdated": "2026-02-18T17:29:47.895Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "ingress-nginx", "repo": "https://github.com/kubernetes/ingress-nginx", "vendor": "Kubernetes", "versions": [{"lessThan": "1.13.7", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThan": "1.14.3", "status": "affected", "version": "0", "versionType": "semver"}]}], "datePublic": "2026-02-02T14:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A security issue was discovered in ingress-nginx&nbsp;where the validating admission controller feature is subject to a denial of service condition. By sending large requests to the validating admission controller, an attacker can cause memory consumption, which may result in the ingress-nginx controller pod being killed or the node running out of memory.<br>"}], "value": "A security issue was discovered in ingress-nginx\u00a0where the validating admission controller feature is subject to a denial of service condition. By sending large requests to the validating admission controller, an attacker can cause memory consumption, which may result in the ingress-nginx controller pod being killed or the node running out of memory."}], "impacts": [{"capecId": "CAPEC-130", "descriptions": [{"lang": "en", "value": "CAPEC-130 Excessive Allocation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a6081bf6-c852-4425-ad4f-a67919267565", "shortName": "kubernetes", "dateUpdated": "2026-02-18T17:29:47.895Z"}, "references": [{"url": "https://github.com/kubernetes/kubernetes/issues/136680"}], "credits": [{"lang": "en", "value": "Matan Shabtay", "type": "finder"}], "source": {"discovery": "UNKNOWN"}, "title": "ingress-nginx Admission Controller denial of service", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-04T14:38:55.187293Z", "id": "CVE-2026-24514", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-04T14:39:16.786Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24514", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-04T14:38:55.187293Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-04T14:39:10.315Z"}}], "cna": {"title": "ingress-nginx Admission Controller denial of service", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Matan Shabtay"}], "impacts": [{"capecId": "CAPEC-130", "descriptions": [{"lang": "en", "value": "CAPEC-130 Excessive Allocation"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/kubernetes/ingress-nginx", "vendor": "Kubernetes", "product": "ingress-nginx", "versions": [{"status": "affected", "version": "0", "lessThan": "1.13.7", "versionType": "semver"}, {"status": "affected", "version": "0", "lessThan": "1.14.3", "versionType": "semver"}], "defaultStatus": "affected"}], "datePublic": "2026-02-02T14:00:00.000Z", "references": [{"url": "https://github.com/kubernetes/kubernetes/issues/136680"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "A security issue was discovered in ingress-nginx\u00a0where the validating admission controller feature is subject to a denial of service condition. By sending large requests to the validating admission controller, an attacker can cause memory consumption, which may result in the ingress-nginx controller pod being killed or the node running out of memory.", "supportingMedia": [{"type": "text/html", "value": "A security issue was discovered in ingress-nginx&nbsp;where the validating admission controller feature is subject to a denial of service condition. By sending large requests to the validating admission controller, an attacker can cause memory consumption, which may result in the ingress-nginx controller pod being killed or the node running out of memory.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling"}]}], "providerMetadata": {"orgId": "a6081bf6-c852-4425-ad4f-a67919267565", "shortName": "kubernetes", "dateUpdated": "2026-02-18T17:29:47.895Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24514", "state": "PUBLISHED", "dateUpdated": "2026-02-18T17:29:47.895Z", "dateReserved": "2026-01-23T06:54:35.913Z", "assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565", "datePublished": "2026-02-03T22:17:25.137Z", "assignerShortName": "kubernetes"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A security issue was discovered in ingress-nginx\u00a0where the validating admission controller feature is subject to a denial of service condition. By sending large requests to the validating admission controller, an attacker can cause memory consumption, which may result in the ingress-nginx controller pod being killed or the node running out of memory."}, {"lang": "es", "value": "Se descubri\u00f3 un problema de seguridad en ingress-nginx donde la caracter\u00edstica del controlador de admisi\u00f3n validador est\u00e1 sujeta a una condici\u00f3n de denegaci\u00f3n de servicio. Al enviar solicitudes grandes al controlador de admisi\u00f3n validador, un atacante puede causar consumo de memoria, lo que puede resultar en la terminaci\u00f3n del pod del controlador ingress-nginx o en que el nodo se quede sin memoria."}], "id": "CVE-2026-24514", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "jordan@liggitt.net", "type": "Secondary"}]}, "published": "2026-02-03T23:16:07.280", "references": [{"source": "jordan@liggitt.net", "url": "https://github.com/kubernetes/kubernetes/issues/136680"}], "sourceIdentifier": "jordan@liggitt.net", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "jordan@liggitt.net", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-17T23:59:12.879384+00:00", "value": {"mitigation_remediation": ["Upgrade ingress-nginx to a version that incorporates the fix for the admission controller denial of service issue.", "Configure maximum request size limits in the ingress controller or use Kubernetes admission hooks to reject excessive payloads before they consume controller memory.", "If the validating admission controller is unnecessary for your cluster, disable it to eliminate the attack surface until a patch is applied."], "summary": {"action": "Patch Now", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The flaw affects installations of the Kubernetes ingress-nginx controller; specific affected versions are not listed in the advisory, so all deployments using ingress-nginx should be examined for the potential presence of the issue.", "description_and_impact": "A denial of service condition exists in the ingress-nginx validating admission controller, allowing the attacker to send oversized requests that consume memory resources. The vulnerability aligns with CWE-770: Exhaustion of Resource. The impact is direct memory overuse that may lead to the controller pod termination or node out\u2011of\u2011memory situations, disrupting service availability for the affected workloads.", "risk_and_exploitability": "The CVSS score is 6.5, indicating moderate severity. The EPSS probability is less than 1%, suggesting a low likelihood of exploitation at the time of analysis, and the vulnerability is not in the CISA KEV catalog. Likely attack vectors involve an external attacker sending large requests to the API server that triggers the admission controller of ingress-nginx. No additional prerequisites are noted beyond the ability to target the controller."}}}}, "created": "2026-02-04T12:05:35.026301+00:00", "updated": "2026-04-18T00:00:09.499496+00:00", "vendors": ["kubernetes", "kubernetes$PRODUCT$ingress-nginx"]}