Injection Vulnerability in NGINX Ingress Controller Affects F5 Networks
CVE-2026-55723
What is CVE-2026-55723?
An injection vulnerability exists within the NGINX Ingress Controller when it is utilized with Custom Resource Definitions (CRDs) or Ingress annotations. This issue allows an authenticated attacker with the requisite permissions to manipulate CRDs or annotations via the Kubernetes API. By injecting arbitrary values, the attacker can alter the generated NGINX configuration in unintended ways, potentially enabling unauthorized configuration directives, which may lead to file creation or deletion, as well as service disruptions. Importantly, the risk is confined to control plane operations, presenting significant implications for security management and system integrity.
Affected Version(s)
NGINX Ingress Controller 5.0.0 < 5.5.2
NGINX Ingress Controller 2026-lts-r1 < 2026-lts-r3