Medium severity6.5NVD Advisory· Published Feb 3, 2026· Updated Apr 15, 2026
CVE-2026-24514
CVE-2026-24514
Description
A security issue was discovered in ingress-nginx where the validating admission controller feature is subject to a denial of service condition. By sending large requests to the validating admission controller, an attacker can cause memory consumption, which may result in the ingress-nginx controller pod being killed or the node running out of memory.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
k8s.io/ingress-nginxGo | < 1.13.7 | 1.13.7 |
k8s.io/ingress-nginxGo | >= 1.14.0, < 1.14.3 | 1.14.3 |
Affected products
6- osv-coords5 versionspkg:apk/chainguard/ingress-nginx-controller-1.15pkg:apk/chainguard/ingress-nginx-controller-fips-1.15pkg:apk/wolfi/ingress-nginx-controller-1.15pkg:golang/k8s.io/ingress-nginxpkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Leap%2015.6
< 0+ 4 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 1.13.7
- (no CPE)range: < 0.0.20260205T172317-150000.1.146.1
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.