CVE-2026-24514

MEDIUM

Ingress-Nginx - DoS

Title source: llm

Description

A security issue was discovered in ingress-nginx where the validating admission controller feature is subject to a denial of service condition. By sending large requests to the validating admission controller, an attacker can cause memory consumption, which may result in the ingress-nginx controller pod being killed or the node running out of memory.

Exploits (2)

github WORKING POC 10 stars

by XiaomingX · pythonpoc

https://github.com/XiaomingX/data-cve-poc-py-v1/tree/main/2026/CVE-2026-24514

View Code ZIP pw:eip

nomisec WORKING POC

by mbanyamer · poc

https://github.com/mbanyamer/cve-2026-24514-Kubernetes-Dos

View Code ZIP pw:eip

References (1)

[Issue Tracking] https://github.com/kubernetes/kubernetes/issues/136680

Scores

CVSS v3 6.5

EPSS 0.0002

EPSS Percentile 3.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-770

Status draft

Affected Products (1)

k8s.io/ingress-nginx < 1.13.7Go

Timeline

Published Feb 03, 2026

Tracked Since Feb 18, 2026