๐Ÿ” CVE Alert

CVE-2026-55723

HIGH 8.3

NGINX Ingress Controller vulnerability

CVSS Score
8.3
EPSS Score
0.0%
EPSS Percentile
0th

When NGINX Ingress Controller is configured with Custom Resource Definitions (CRDs) or Ingress annotations, an injection vulnerability exists in the configuration generator of NGINX Ingress Controller. Multiple user-controllable fields are written into the generated NGINX configuration without sanitization. An authenticated attacker with permission to create or modify these CRDs or annotations may craft values that inject arbitrary NGINX configuration directives. Impact: An authenticated attacker granted write access to NGINX Ingress Controller CRDs or Ingress annotations through the Kubernetes API may be able to inject arbitrary NGINX configuration directives, create or delete files, or disable services. There is no data plane exposure; this is a control plane issue only. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CWE CWE-76
Vendor f5
Product nginx ingress controller
Published Jul 15, 2026
Last Updated Jul 16, 2026
Stay Ahead of the Next One

Get instant alerts for f5 nginx ingress controller

Be the first to know when new high vulnerabilities affecting f5 nginx ingress controller are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
Low

Affected Versions

F5 / NGINX Ingress Controller
5.0.0 < 5.5.2 2026-lts-r1 < 2026-lts-r3

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
my.f5.com: https://my.f5.com/manage/s/article/K000161800

Credits

F5