Denial-of-Service Vulnerability in NGINX Ingress Controller by F5 Networks
CVE-2026-52865
7.1HIGH
What is CVE-2026-52865?
An authenticated, remote attacker who possesses write access to Ingress or TransportServer resources can exploit a vulnerability in the NGINX Ingress Controller. By crafting a malformed Ingress or TransportServer resource, the attacker can cause the controller's process to terminate, leading to a persistent crash loop. This results in a denial-of-service condition affecting the control plane of the NGINX Ingress Controller, impacting its stability and availability without exposing any data plane vulnerabilities.
Affected Version(s)
NGINX Ingress Controller 5.0.0 < 5.5.2
NGINX Ingress Controller 2026-lts-r1 < 2026-lts-r3