CVE-2026-24512 Nginx — Exploit & Vulnerability Details HIGH

CVE-2026-24512

HIGH CVSS 3.1: 8.8 EPSS 0.06%

Parameter	Value
CVSS	8.8 (HIGH)
Type	CWE-20 (Improper Input Validation)
Vendor	Nginx
Public PoC	No

A security issue was discovered in ingress-nginx cthe `rules.http.paths.path` Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Privileges Required

Low

Basic privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

High

Complete data leak

Integrity

High

Complete data modification

Availability

High

Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-20 Improper Input Validation

References 1

https://github.com/kubernetes/kubernetes/issues/136678

jordan@liggitt.net

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-3288

Nginx

8.8

CVE-2026-27944

Nginx

9.8

CVE-2026-27633

Nginx

8.7

CVE-2026-27630

Nginx

8.7

CVE-2026-25739

Nginx

5.4

Menu

CVE-2026-24512

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-3288

CVE-2026-27944

CVE-2026-27633

CVE-2026-27630

CVE-2026-25739

CVE Details

Editor's Choice

Menu

CVE-2026-24512

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-3288

CVE-2026-27944

CVE-2026-27633

CVE-2026-27630

CVE-2026-25739

CVE Details

Editor's Choice

Stay informed on cybersecurity