๐Ÿ” CVE Alert

CVE-2026-52865

MEDIUM 6.5

NGINX Ingress Controller vulnerability

CVSS Score
6.5
EPSS Score
0.0%
EPSS Percentile
0th

When NGINX Ingress Controller processes Ingress or TransportServer resources, an authenticated, remote attacker with permission to create or modify Ingress or TransportServer resources can cause the NGINX Ingress Controller process to terminate. Impact: The NGINX Ingress Controller control plane process terminates and enters a persistent crash loop while the malformed Ingress or TransportServer resource remains in the cluster. This vulnerability allows a remote, authenticated attacker with at least Ingress or TransportServer resource write access to cause a denial-of-service (DoS) on the NGINX Ingress Controller system. There is no data plane exposure; this is a control plane issue only. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CWE CWE-476
Vendor f5
Product nginx ingress controller
Published Jul 15, 2026
Last Updated Jul 15, 2026
Stay Ahead of the Next One

Get instant alerts for f5 nginx ingress controller

Be the first to know when new medium vulnerabilities affecting f5 nginx ingress controller are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Affected Versions

F5 / NGINX Ingress Controller
5.0.0 < 5.5.2 2026-lts-r1 < 2026-lts-r3

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
my.f5.com: https://my.f5.com/manage/s/article/K000161834

Credits

F5