Lucene search
K

13 matches found

OSV
OSV
added 2026/06/24 11:7 a.m.5 views

BIT-NGINX-GATEWAY-FABRIC-2026-11311 NGINX Gateway Fabric vulnerability

When NGINX Plus is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition serverTokens field and the...

8.6CVSS6AI score0.00567EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 8:16 p.m.11 views

CVE-2026-32682

When NGINX Gateway Fabric is configured using GRPCRoutes, an authenticated, remote attacker with permission to create or modify GRPCRoute resources can cause the NGINX Gateway Fabric control plane to terminate by sending undisclosed GRPCRoute configurations containing backendRef filters. Note:...

7.1CVSS0.00292EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 8:5 p.m.9 views

EUVD-2026-37793

When NGINX Gateway Fabric is configured using GRPCRoutes, an authenticated, remote attacker with permission to create or modify GRPCRoute resources can cause the NGINX Gateway Fabric control plane to terminate by sending undisclosed GRPCRoute configurations containing backendRef filters. Note:...

7.1CVSS5.4AI score0.00292EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 8:4 p.m.84 views

CVE-2026-50107

CVE-2026-50107 : Affects NGINX Plus or NGINX Open Source used as the data plane for NGINX Gateway Fabric. The vulnerability lies in the configuration generator component: user-supplied values from the NginxProxy CRD access log format setting are rendered directly into NGINX configuration template...

8.6CVSS5.7AI score0.00492EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/17 8:4 p.m.11 views

EUVD-2026-37792

When NGINX Plus or NGINX Open Source is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition CRD access log format...

8.6CVSS5.6AI score0.00492EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 8:4 p.m.19 views

CVE-2026-50107 NGINX Gateway Fabric vulnerability

When NGINX Plus or NGINX Open Source is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition CRD access log format...

8.6CVSS0.00492EPSS
Exploits0References1
F5 Networks
F5 Networks
added 2026/06/17 7:46 p.m.17 views

K000161785: NGINX Gateway Fabric vulnerability CVE-2026-50107

Security Advisory Description When NGINX Plus or NGINX Open Source is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource...

8.6CVSS5.5AI score0.00492EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
added 2026/06/17 7:45 p.m.13 views

K000161786: NGINX Gateway Fabric vulnerability CVE-2026-32682

Security Advisory Description When NGINX Gateway Fabric is configured using GRPCRoutes, an authenticated, remote attacker with permission to create or modify GRPCRoute resources can cause the NGINX Gateway Fabric control plane to terminate by sending undisclosed GRPCRoute configurations containin...

7.1CVSS5.3AI score0.00292EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/06/17 3:16 p.m.13 views

CVE-2026-11311

When NGINX Plus is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition serverTokens field and the...

8.6CVSS0.00567EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 2:4 p.m.23 views

CVE-2026-11311 NGINX Gateway Fabric vulnerability

When NGINX Plus is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition serverTokens field and the...

8.6CVSS0.00567EPSS
Exploits0References1
F5 Networks
F5 Networks
added 2026/06/17 1:43 p.m.13 views

K000161611: NGINX Gateway Fabric vulnerability CVE-2026-11311

Security Advisory Description When NGINX Plus is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition serverTokens...

8.6CVSS5.5AI score0.00567EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.20 views

PT-2026-50537

Name of the Vulnerable Software and Affected Versions NGINX Gateway Fabric affected versions not specified Description An injection issue exists in the NGINX configuration generator component of NGINX Gateway Fabric when NGINX Plus or NGINX Open Source is used as the data plane. User-supplied...

8.6CVSS5.4AI score0.00492EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.23 views

PT-2026-50533

Name of the Vulnerable Software and Affected Versions NGINX Gateway Fabric affected versions not specified Description When configured using GRPCRoutes, an authenticated remote attacker with permissions to create or modify GRPCRoute resources can cause the control plane to terminate. This occurs ...

7.1CVSS5.9AI score0.00292EPSS
Exploits0References7
Rows per page
Query Builder