CVE-2026-50107
Status: Awaiting Analysis (NVD queue)
NGINX Gateway Fabric Configuration Injection Vulnerability

Publication date: 2026-06-17

Last updated on: 2026-06-17

Assigner: F5 Networks

Description
When NGINX Plus or NGINX Open Source is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition (CRD) access log format setting are rendered directly into NGINX configuration templates without sanitization or escaping. An authenticated attacker with permission to create or modify these CRDs may craft values that inject arbitrary NGINX configuration directives. This is a control plane issue; there is no data plane exposure from the vulnerability trigger itself. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Affected Vendors & Products (2 associated CPEs)

Vendor   Product             Version / Range
nginx    nginx_plus          *
nginx    nginx_open_source   *

The CPEs name the data-plane products; per the description, the vulnerable component is the configuration generator in the NGINX Gateway Fabric control plane that drives them.
CWE

CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component, "Injection"): The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
Executive Summary

This vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric when NGINX Plus or NGINX Open Source is used as the data plane. It occurs because user-supplied string values from the NginxProxy Custom Resource Definition (CRD) access log format setting are inserted directly into NGINX configuration templates without proper sanitization or escaping.

An authenticated attacker with permission to create or modify these CRDs can exploit the flaw by crafting an access log format value that breaks out of the intended directive and injects arbitrary NGINX configuration directives into the generated configuration.

This is a control plane issue, meaning the vulnerability affects the configuration management side rather than the data plane itself, and there is no direct data plane exposure from triggering this vulnerability.

Impact Analysis

Exploitation allows an authenticated user with permission to modify NginxProxy CRDs to inject arbitrary configuration directives into the NGINX configuration that NGINX Gateway Fabric generates.

Because the injected text is parsed by NGINX as ordinary configuration, this can change the behavior of the NGINX server in ways the CRD was never meant to control: security policy bypasses, misrouting of traffic, or other effects chosen by the attacker through the injected directives.

The vulnerability trigger is in the control plane and does not by itself expose data-plane traffic; the practical trust boundary is therefore Kubernetes RBAC on the NginxProxy resource. Operators should review which principals can create or update these resources and treat that permission as equivalent to editing the NGINX configuration directly.
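The following Go program is an added illustration of the bug class described in the Description and Impact Analysis above; it is not code from NGINX Gateway Fabric and does not reproduce its real template. It assumes (hypothetically) that the CRD value is rendered inside a single-quoted log_format directive, constructs an attacker payload of its own, and shows an unescaped render next to a validated, escaped one. A small tokenizer that follows nginx's quoting rules (a ';' outside quotes ends a directive, a backslash escapes the next character inside quotes) counts how many directives each rendered line actually contains.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// attackerFormat is a constructed payload (not from the advisory): it closes
// the quoted string, appends its own directive, then reopens a string so the
// remainder of the template still parses.
const attackerFormat = `$remote_addr'; add_header X-Injected 1; log_format dummy '`

// renderUnsafe mirrors the flaw class in the advisory: the CRD value is
// concatenated into the directive with no validation or escaping.
func renderUnsafe(name, format string) string {
	return fmt.Sprintf("log_format %s '%s';", name, format)
}

// nameRe is an assumed allowlist for the log_format name token.
var nameRe = regexp.MustCompile(`^[A-Za-z_][A-Za-z0-9_]*$`)

// escapeNginxString keeps the value inside one single-quoted nginx token.
// nginx's config reader understands \\ and \' inside quoted strings.
func escapeNginxString(s string) string {
	s = strings.ReplaceAll(s, `\`, `\\`)
	s = strings.ReplaceAll(s, `'`, `\'`)
	return s
}

// renderSafe validates the name, rejects control characters (newlines etc.)
// and escapes the format so it cannot terminate the quoted string.
func renderSafe(name, format string) (string, error) {
	if !nameRe.MatchString(name) {
		return "", errors.New("invalid log_format name")
	}
	for _, r := range format {
		if r < 0x20 || r == 0x7f {
			return "", errors.New("control character in log format")
		}
	}
	return fmt.Sprintf("log_format %s '%s';", name, escapeNginxString(format)), nil
}

// countDirectives tokenizes the way nginx's config reader does at the level
// that matters here: ';' outside quotes ends a directive, and a backslash
// escapes the following character inside a quoted string.
func countDirectives(conf string) int {
	n := 0
	var quote rune
	escaped := false
	for _, r := range conf {
		switch {
		case escaped:
			escaped = false
		case quote != 0:
			if r == '\\' {
				escaped = true
			} else if r == quote {
				quote = 0
			}
		case r == '\'' || r == '"':
			quote = r
		case r == ';':
			n++
		}
	}
	return n
}

func main() {
	unsafe := renderUnsafe("main", attackerFormat)
	fmt.Printf("%s\n  -> %d directive(s)\n", unsafe, countDirectives(unsafe))

	safe, err := renderSafe("main", attackerFormat)
	if err != nil {
		fmt.Println("rejected:", err)
		return
	}
	fmt.Printf("%s\n  -> %d directive(s)\n", safe, countDirectives(safe))
}
```

Running it shows the unescaped render turning one log_format directive into three (the attacker's add_header lands between them), while the escaped render stays a single directive whose string value merely contains the literal quotes and semicolons. A real fix in a config generator would combine the escaping with a strict allowlist of what the CRD field may contain, and would also reject values carrying newlines, since a raw newline is enough to start a fresh directive in a template that does not quote the value at all.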
