CVE-2026-24514

MEDIUM

ingress-nginx < 1.13.7 and < 1.14.3 - Denial of Service via Validating Admission Controller

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2026-24514. PoCs published by XiaomingX, mbanyamer.

AI-analyzed exploit summary: This repository contains a functional Python exploit for CVE-2026-24514, which targets a memory exhaustion vulnerability in the ingress-nginx validating admission webhook. The exploit sends oversized AdmissionReview requests to trigger excessive memory allocation, potentially causing OOMKill of controller pods.

Description

A security issue was discovered in ingress-nginx where the validating admission controller feature is subject to a denial of service condition. By sending large requests to the validating admission controller, an attacker can cause memory consumption, which may result in the ingress-nginx controller pod being killed or the node running out of memory.

Exploits (2)

github WORKING POC 10 stars
by XiaomingX · python · poc
https://github.com/XiaomingX/data-cve-poc-py-v1/tree/main/2026/CVE-2026-24514

Classification: Working PoC 95%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: ingress-nginx < 1.13.7 / < 1.14.3 (with validating webhook enabled)
No auth needed
Prerequisites: ingress-nginx validating admission webhook enabled · network access to the webhook endpoint
devstral-2 · analyzed Feb 27, 2026

nomisec WORKING POC
by mbanyamer · poc
https://github.com/mbanyamer/cve-2026-24514-Kubernetes-Dos

Classification: Working PoC 95%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: ingress-nginx < 1.13.7 / < 1.14.3 (with validating webhook enabled)
No auth needed
Prerequisites: ingress-nginx validating admission webhook enabled · network access to the webhook endpoint
devstral-2 · analyzed Feb 20, 2026

Scores

CVSS v3 6.5
EPSS 0.0004
EPSS Percentile 12.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE: CWE-770
Status: published
Products (3)
k8s.io/ingress-nginx 0 - 1.13.7 (Go)
Kubernetes/ingress-nginx < 1.13.7
Kubernetes/ingress-nginx < 1.14.3
Published Feb 03, 2026
Tracked Since Feb 18, 2026