
=====================================================================

                            CERT-Renater

                Information Note No. 2026/VULN108
_____________________________________________________________________

DATE                : 03/02/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running ingress-nginx versions prior
                     to 1.13.7, 1.14.3.

=====================================================================
https://groups.google.com/g/kubernetes-security-announce/c/AqhHgDj5n98
_____________________________________________________________________

[Security Advisory] Multiple issues in ingress-nginx

Tabitha Sable
Feb 2, 2026, 17:43:05
to kubernete...@googlegroups.com,dev,kubernetes-sec...@googlegroups.com,
kubernetes-se...@googlegroups.com,distributo...@kubernetes.io


Hello Kubernetes Community,

Multiple issues are disclosed today in ingress-nginx, and assigned the
following CVE IDs: CVE-2026-1580, CVE-2026-24512, CVE-2026-24513,
CVE-2026-24514.

The most serious of these issues have been rated HIGH
(CVSS calculator, score: 8.8).


Am I vulnerable?

This issue affects ingress-nginx. If you do not have ingress-nginx
installed on your cluster, you are not affected. You can check this
by running
`kubectl get pods --all-namespaces --selector app.kubernetes.io/name=ingress-nginx`.


Affected Versions

    ingress-nginx: < v1.13.7

    ingress-nginx: < v1.14.3


How do I mitigate this vulnerability?

ACTION REQUIRED: The following steps must be taken to mitigate this
vulnerability: Upgrade ingress-nginx to v1.13.7, v1.14.3, or any
later version.

Certain of these issues can be partially mitigated before patching.
Please see their respective GitHub issues.


Fixed Versions

    ingress-nginx: v1.13.7

    ingress-nginx: v1.14.3


How to upgrade?

To upgrade, refer to the documentation: Upgrading Ingress-nginx


Detection

Detection information for most of the vulns can be found in their
respective GitHub issues.

If you find evidence that this vulnerability has been exploited, please
contact secu...@kubernetes.io


Additional Details

For further information, please see the following GitHub issues:

    CVE-2026-1580

    CVE-2026-24512

    CVE-2026-24513

    CVE-2026-24514


Thank You,

Tabitha Sable, on behalf of the Kubernetes Security Response Committee
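
Added example, not part of the advisory or of the ingress-nginx project: a shell helper that compares controller image tags with the fixed releases listed above (v1.13.7, v1.14.3). The function names, the sample image references and the branch interpretation noted in the comments are assumptions made for this example.

```shell
#!/bin/sh
# Added example: classify ingress-nginx controller images against the fixed
# releases named in the advisory (v1.13.7 and v1.14.3).

# Print "X.Y.Z" from an image reference, or nothing if there is no version tag.
image_version() {
    printf '%s\n' "$1" |
        sed -n 's/^[^@]*:v\{0,1\}\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*$/\1/p'
}

# Print fixed | vulnerable | unknown for one image reference.
# Assumption: 1.14.x is compared with 1.14.3, 1.13.x and older with 1.13.7,
# and anything newer than 1.14.x counts as "any later version".
classify() {
    ver=$(image_version "$1")
    [ -n "$ver" ] || { echo unknown; return 0; }
    major=${ver%%.*}; rest=${ver#*.}; minor=${rest%%.*}; patch=${rest#*.}
    if [ "$major" -gt 1 ] || { [ "$major" -eq 1 ] && [ "$minor" -gt 14 ]; }; then
        echo fixed
    elif [ "$major" -eq 1 ] && [ "$minor" -eq 14 ] && [ "$patch" -ge 3 ]; then
        echo fixed
    elif [ "$major" -eq 1 ] && [ "$minor" -eq 13 ] && [ "$patch" -ge 7 ]; then
        echo fixed
    else
        echo vulnerable
    fi
}

# Read "namespace/pod image" lines on stdin and print one verdict per line.
report() {
    while read -r pod image; do
        [ -n "$pod" ] && printf '%-10s %s %s\n' "$(classify "$image")" "$pod" "$image"
    done
    return 0
}

# Constructed sample input (not real cluster output). On a live cluster, feed
# report() from the advisory's selector instead:
#   kubectl get pods --all-namespaces \
#     --selector app.kubernetes.io/name=ingress-nginx \
#     -o jsonpath='{range .items[*]}{.metadata.namespace}/{.metadata.name} {.spec.containers[0].image}{"\n"}{end}'
report <<'EOF'
ingress-nginx/ctl-a registry.k8s.io/ingress-nginx/controller:v1.13.6@sha256:PLACEHOLDER
ingress-nginx/ctl-b registry.k8s.io/ingress-nginx/controller:v1.14.3
edge/ctl-c registry.example.internal:5000/ingress-nginx/controller@sha256:PLACEHOLDER
EOF
```

An image pinned by digest only carries no version tag and is reported as unknown; resolve it to a release by other means before treating it as patched.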

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================




