CVE-2026-24513
Authentication Bypass in ingress-nginx via Misconfigured Custom-Errors Backend
Publication date: 2026-02-03
Last updated on: 2026-02-03
Assigner: Kubernetes
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ingress-nginx | ingress-nginx | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-754 | The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in ingress-nginx where the protection provided by the `auth-url` Ingress annotation may fail under certain misconfigurations.
Specifically, if the ingress-nginx controller is set up with a default custom-errors configuration that includes HTTP errors 401 or 403, and the backend handling these errors is defective and does not respect the X-Code HTTP header, then an Ingress resource using the `auth-url` annotation might be accessed even if authentication fails.
This issue only occurs if an administrator configures ingress-nginx with a broken external component for handling custom errors; the built-in custom-errors backend does not have this problem.
How can this vulnerability impact me?
This vulnerability can allow unauthorized access to resources protected by the `auth-url` annotation in ingress-nginx if the system is misconfigured with a defective custom-errors backend.
Such unauthorized access could lead to exposure of sensitive information or services that were intended to be restricted by authentication.
However, the impact is limited by the requirement of a specific misconfiguration and the use of a broken external component, and the CVSS score indicates a low severity with limited confidentiality impact.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, ensure that the ingress-nginx controller is not configured with a defective custom-errors backend that fails to respect the X-Code HTTP header.
Use the built-in custom-errors backend instead of a custom or external one, as the built-in backend works correctly and does not allow bypassing authentication.
Avoid configuring ingress-nginx with a default custom-errors configuration that includes HTTP errors 401 or 403 pointing to a broken external component.
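The explanation and mitigation answers above both turn on one property of the custom-errors backend: when ingress-nginx proxies an intercepted 401 or 403 to it, the backend must answer with the status carried in the X-Code header rather than with its own 200. The following is an added example written for this page, not code from the ingress-nginx project; it shows a minimal handler that honours X-Code beside a defective one that ignores it, plus a probe a cluster operator can reuse to verify whichever backend they deploy. The handler and function names are hypothetical; only the X-Code header name comes from the advisory.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strconv"
)

// codeHeader is the header ingress-nginx sets when it proxies an intercepted
// error (for example the 401/403 produced by an auth-url check) to the
// custom-errors backend. The header name is taken from the advisory text.
const codeHeader = "X-Code"

// CorrectErrorHandler (hypothetical name) mirrors the status ingress-nginx
// asked for, so a failed auth-url check still reaches the client as 401/403.
func CorrectErrorHandler(w http.ResponseWriter, r *http.Request) {
	code, err := strconv.Atoi(r.Header.Get(codeHeader))
	if err != nil || code < 400 || code > 599 {
		// Missing or implausible code: fail closed with a 500 rather than
		// falling back to a success status.
		code = http.StatusInternalServerError
	}
	w.Header().Set("Content-Type", "text/plain")
	w.WriteHeader(code)
	fmt.Fprintf(w, "error %d\n", code)
}

// DefectiveErrorHandler (hypothetical name) ignores X-Code and answers every
// intercepted error with 200, which is the defect the advisory describes.
func DefectiveErrorHandler(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Type", "text/plain")
	w.WriteHeader(http.StatusOK)
	fmt.Fprint(w, "something went wrong\n")
}

// ProbeStatus sends a constructed request carrying "X-Code: <code>" to the
// handler and returns the status code it answers with.
func ProbeStatus(h http.HandlerFunc, code int) int {
	req := httptest.NewRequest(http.MethodGet, "/", nil)
	req.Header.Set(codeHeader, strconv.Itoa(code))
	rec := httptest.NewRecorder()
	h(rec, req)
	return rec.Code
}

// RespectsXCode reports whether the handler echoes back each of the
// authentication-related codes that ingress-nginx may hand it. A backend
// for which this returns false must not be used as the custom-errors target
// for 401 or 403.
func RespectsXCode(h http.HandlerFunc) bool {
	for _, code := range []int{http.StatusUnauthorized, http.StatusForbidden} {
		if ProbeStatus(h, code) != code {
			return false
		}
	}
	return true
}

func main() {
	fmt.Println("correct backend honours X-Code:  ", RespectsXCode(CorrectErrorHandler))
	fmt.Println("defective backend honours X-Code:", RespectsXCode(DefectiveErrorHandler))
}
```

The same probe applies to a deployed backend: send it a request with `X-Code: 401` and `X-Code: 403` and confirm the response status matches the header value; if it answers 200, either fix the backend or remove 401 and 403 from the custom-errors configuration, as the mitigation answer recommends.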