Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-reachable with low complexity and no interaction, but requires RBAC write privileges (PR:L); impact is an availability-only crash loop, so C:N/I:N/A:H with scope unchanged.
Primary rating from Vendor (f5).
CVSS VectorVendor: f5
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionCVE.org
When NGINX Ingress Controller processes Ingress or TransportServer resources, an authenticated, remote attacker with permission to create or modify Ingress or TransportServer resources can cause the NGINX Ingress Controller process to terminate.
Impact: The NGINX Ingress Controller control plane process terminates and enters a persistent crash loop while the malformed Ingress or TransportServer resource remains in the cluster. This vulnerability allows a remote, authenticated attacker with at least Ingress or TransportServer resource write access to cause a denial-of-service (DoS) on the NGINX Ingress Controller system. There is no data plane exposure; this is a control plane issue only.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
AnalysisAI
Denial of service in F5 NGINX Ingress Controller allows an authenticated remote attacker holding write access to Ingress or TransportServer resources to crash the control plane by submitting a malformed resource. Because the offending resource persists in the cluster, the controller re-reads it and re-crashes, producing a durable crash loop rather than a one-time outage. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The attacker must be an authenticated principal with Kubernetes RBAC write access (create or modify) to Ingress or TransportServer resources processed by the F5 NGINX Ingress Controller - this is the exact, concrete prerequisite reflected in CVSS PR:L. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The vendor CVSS 4.0 score is 7.1 (AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H) - network-reachable, low complexity, no user interaction, but requiring low privileges and yielding only availability impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has obtained a Kubernetes account with namespaced permission to create Ingress or TransportServer resources - for example a tenant in a shared cluster or a compromised CI/CD pipeline service account - submits a specially malformed resource. The NGINX Ingress Controller reads the object, hits the null pointer dereference, and crashes; because the resource remains in etcd, the controller crash-loops on every restart, denying ingress reconciliation cluster-wide. … |
| Remediation | Patch available per vendor advisory - upgrade F5 NGINX Ingress Controller to the fixed release listed in F5 article K000161834 (https://my.f5.com/manage/s/article/K000161834); the exact fixed version is not enumerated in the provided data and must be taken from that advisory. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours, inventory all F5 NGINX Ingress Controller deployments and document their versions against the vendor advisory for CVE-2026-52865. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Nginx Ingress Controller
View allConfiguration injection in F5 NGINX Ingress Controller lets an authenticated Kubernetes user with rights to create or mo
NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and
NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and
NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_hls_module that might allow a l
In versions 2.x before 2.3.0 and all versions of 1.x, An attacker authorized to create or update ingress objects can obt
NGINX proxy configurations forwarding traffic to upstream TLS servers can be exploited by network-positioned attackers t
A session fixation issue was discovered in the NGINX OpenID Connect reference implementation, where a nonce was not chec
Same weakness CWE-476 – NULL Pointer Dereference
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44681
GHSA-gv6x-94m7-c6hh