CVE-2026-24514 — Vulnetix

CVE-2026-24514 PUBLISHED

A security issue was discovered in ingress-nginx where the validating admission controller feature is subject to a denial of service condition. By sending large requests to the validating admission controller, an attacker can cause memory consumption, which may result in the ingress-nginx controller pod being killed or the node running out of memory.

EPSS 0.02% · 5.7th percentile

Risk Scores

EPSS Score

0.02%

5.7th percentile

Affected Products

Vendor	Product	Versions
Bitnami	nginx-ingress-controller	0, 1.14.0
Bitnami	nginx-ingress-controller	0, 1.14.0

Timeline

Feb 2, 2026 PoC Published
Feb 3, 2026 PoC Published
Feb 3, 2026 PoC Published
Feb 3, 2026 CVE Published
Feb 4, 2026 EPSS Score
Feb 4, 2026 PoC Published
Feb 4, 2026 PoC Published
Feb 4, 2026 PoC Published
Feb 4, 2026 PoC Published
Feb 6, 2026 EPSS Score
Feb 8, 2026 EPSS Score
Feb 11, 2026 EPSS Score

References

https://github.com/kubernetes/kubernetes/issues/136680 url
https://nvd.nist.gov/vuln/detail/CVE-2026-24514 url

Open in Interactive Console →