CVE-2026-24514
Unknown Unknown - Not Provided
Denial of Service in ingress-nginx Validating Admission Controller

Publication date: 2026-02-03

Last updated on: 2026-02-03

Assigner: Kubernetes

Description
A security issue was discovered in ingress-nginx where the validating admission controller feature is subject to a denial of service condition. By sending large requests to the validating admission controller, an attacker can cause memory consumption, which may result in the ingress-nginx controller pod being killed or the node running out of memory.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-03
Last Modified
2026-02-03
Generated
2026-06-16
AI Q&A
2026-02-04
EPSS Evaluated
2026-06-15
NVD
CVE-2026-24514
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
ingress-nginx ingress-nginx *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-770 The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in ingress-nginx's validating admission controller feature. An attacker can exploit it by sending large requests to the validating admission controller, which causes excessive memory consumption.

As a result, the ingress-nginx controller pod may be killed or the node running it may run out of memory, leading to a denial of service condition.

Impact Analysis

The impact of this vulnerability is a denial of service condition. Specifically, it can cause the ingress-nginx controller pod to be terminated or cause the node to run out of memory.

This can disrupt the availability of services relying on ingress-nginx, potentially causing downtime or degraded performance.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-24514. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart