PatchSiren cyber security CVE debrief
CVE-2026-11311 F5 CVE debrief
CVE-2026-11311 is an injection vulnerability in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from Custom Resource Definitions can be rendered directly into NGINX configuration templates without sanitization or escaping. An authenticated attacker with permission to create or modify these Custom Resource Definitions may craft values that inject arbitrary NGINX configuration directives. This issue is a control plane problem, with no data plane exposure from the vulnerability trigger itself. NGINX Gateway Fabric users and administrators should be aware of this vulnerability and take necessary actions to mitigate it.
- Vendor
- F5
- Product
- NGINX Gateway Fabric
- CVSS
- HIGH 8.6
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-17
- Original CVE updated
- 2026-07-02
- Advisory published
- 2026-06-17
- Advisory updated
- 2026-07-02
Who should care
NGINX Gateway Fabric users and administrators should be aware of this vulnerability and take necessary actions to mitigate it. This includes reviewing NGINX configurations, implementing additional security controls, and applying vendor-provided patches or updates. Affected operators, platforms, vulnerability-management teams, and security teams should prioritize this vulnerability based on their specific exposure and risk.
Technical summary
The vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition serverTokens field and the AuthenticationFilter Custom Resource Definition extraAuthArgs field are rendered directly into NGINX configuration templates without sanitization or escaping. This allows an authenticated attacker with permission to create or modify these Custom Resource Definitions to craft values that inject arbitrary NGINX configuration directives.
Defensive priority
High
Recommended defensive actions
- Review and update NGINX Gateway Fabric configurations to ensure proper sanitization and escaping of user-supplied string values.
- Implement additional security controls to monitor and restrict modifications to Custom Resource Definitions.
- Apply vendor-provided patches or updates to address the vulnerability.
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
- Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.
- Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed.
- Check relevant monitoring, detection, and logs for exposed assets that need extra review.
Evidence notes
The CVE record was published on 2026-06-17T15:16:42.617Z and was last modified on 2026-07-02T20:01:39.157Z. The NVD entry is currently Analyzed. This information is based on the supplied source corpus. Defenders should verify the accuracy of this information within the context of their specific environment and review the official CVE record and NVD entry for further details.
Official resources
-
CVE-2026-11311 CVE record
CVE.org
-
CVE-2026-11311 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T15:16:42.617Z and has not been modified since then. The NVD entry is currently Analyzed.