CVE-2026-32682

MEDIUM 6.5

NGINX Gateway Fabric vulnerability

CVSS Score

6.5

EPSS Score

0.0%

EPSS Percentile

0th

When NGINX Gateway Fabric is configured using GRPCRoutes, an authenticated, remote attacker with permission to create or modify GRPCRoute resources can cause the NGINX Gateway Fabric control plane to terminate by sending undisclosed GRPCRoute configurations containing backendRef filters. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CWE	CWE-129
Vendor	f5
Product	nginx gateway fabric
Published	Jun 17, 2026

Stay Ahead of the Next One

Get instant alerts for f5 nginx gateway fabric

Be the first to know when new medium vulnerabilities affecting f5 nginx gateway fabric are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Affected Versions

F5 / NGINX Gateway Fabric

1.3.0 < 2.6.4

References

NVD ↗ CVE.org ↗ EPSS Data ↗

my.f5.com: https://my.f5.com/manage/s/article/K000161786

CVE-2026-32682

NGINX Gateway Fabric vulnerability

Get instant alerts for f5 nginx gateway fabric

CVSS v3 Breakdown

Affected Versions

References

Credits