Two carry CVSS scores of 8.8, demanding that admins upgrade to the latest versions of the controller.

CSO Online offers insights into cybersecurity, risk management, and IT leadership, providing articles, reports, and expert analysis to help security professionals navigate the evolving threat landscape and protect their organizations from cyber attacks. By exploring CSO Online's curated content, CISOs, security managers, and IT executives can learn about threat intelligence, security frameworks, and incident response strategies for building resilient cybersecurity programs. Whether you're defending against ransomware, phishing attacks, or insider threats, CSO Online offers resources to strengthen your security posture and safeguard your digital assets.

CSO Online

Four security vulnerabilities have been discovered in Ingress NGINX, a widely-used Kubernetes traffic controller. Two critical flaws (CVE-2026-1580 and CVE-2026-24512) carry CVSS scores of 8.8, with the latter enabling configuration injection and arbitrary code execution. The vulnerabilities affect versions 1.13.7 and below, and 1.14.3 and below. Administrators must upgrade immediately or migrate to alternatives like Kubernetes Gateway API, as Ingress NGINX support ends in March 2026. The timing is critical given the project's imminent retirement and lack of future security patches.

Four new vulnerabilities found in Ingress NGINX