HIGH🇵🇱 Wersja polska

CVE-2026-32682

CVSS 7.1v4.0pub. 2026-06-17upd. 2026-07-02

When NGINX Gateway Fabric is configured using GRPCRoutes, an authenticated, remote attacker with permission to create or modify GRPCRoute resources can cause the NGINX Gateway Fabric control plane to terminate by sending undisclosed GRPCRoute configurations containing backendRef filters. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • F5 nginx Gateway Fabric

    APP
    F5
    1.3.0 – 1.6.22.0.0 – 2.6.4 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-42055CRITICAL9.2ten sam produkt

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_proxy_v2_module and ngx_http_grpc_module...

CVE-2026-42530CRITICAL9.2ten sam produkt

NGINX Open Source has a vulnerability in the ngx_http_v3_module module. When NGINX Open Source is configured t...

CVE-2026-42945CRITICAL9.2PL ✓ten sam produkt

NGINX heap buffer overflow w module ngx_http_rewrite_module (RCE/restart)

CVE-2026-11311HIGH8.6ten sam produkt

When NGINX Plus is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in...

CVE-2026-50107HIGH8.6ten sam produkt

When NGINX Plus or NGINX Open Source is configured as the data plane for NGINX Gateway Fabric, an injection vu...