CVE-2026-24514 MEDIUM

CVE-2026-24514: ingress-nginx Admission Controller denial of service

Vendor Kubernetes

Product ingress-nginx

Weakness CWE-770 · Uncontrolled resource consumption

Published February 3, 2026

Last update February 18, 2026

View on NVD All CVEs

CVSS base score

6.5/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality None

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

Description

A security issue was discovered in ingress-nginx where the validating admission controller feature is subject to a denial of service condition. By sending large requests to the validating admission controller, an attacker can cause memory consumption, which may result in the ingress-nginx controller pod being killed or the node running out of memory.

Key dates

Disclosure timeline

February 3, 2026 CVE published

February 18, 2026 Record updated

Identifiers

CVE CVE-2026-24514

CWE CWE-770

CVSS 6.5 / MEDIUM

Affected versions

Vendor Kubernetes

Product ingress-nginx

Affected < 1.13.7

Vendor Kubernetes

Product ingress-nginx

Affected < 1.14.3