CVE-2026-24512 – Ingress-NGINX Improper Request Handling Vulnerability
“A weakness in how ingress-nginx processes requests could expose internal services that were meant to stay protected.”
CVE-2026-24512 affects ingress-nginx, the widely used Kubernetes Ingress Controller, where improper request handling and validation logic can allow crafted requests to bypass expected controls. Under certain conditions, this behavior may enable an attacker to reach backend services or paths that should not be externally accessible, increasing the risk of data exposure or unauthorized interaction with internal applications.
The vulnerability has been assigned a CVSS v3.1 score of 6.5 (Medium). Exploitation does not require deep system access but depends on how ingress-nginx is configured and exposed. While the impact is limited by deployment design, affected environments could face confidentiality and security boundary risks if the issue is abused. A patch has been released to correct the request handling logic and restore proper enforcement of ingress rules. There are no confirmed reports of real-world exploitation or zero-day attacks at the time of disclosure.
Key Details
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- CWE Classification: CWE-20