PatchSiren cyber security CVE debrief
CVE-2026-32682 F5 CVE debrief
An authenticated, remote attacker with permission to create or modify GRPCRoute resources can cause the NGINX Gateway Fabric control plane to terminate by sending undisclosed GRPCRoute configurations containing backendRef filters. This vulnerability exists in NGINX Gateway Fabric when configured using GRPCRoutes. The attacker must have permission to create or modify GRPCRoute resources to exploit this vulnerability.
- Vendor
- F5
- Product
- NGINX Gateway Fabric
- CVSS
- HIGH 7.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-17
- Original CVE updated
- 2026-07-02
- Advisory published
- 2026-06-17
- Advisory updated
- 2026-07-02
Who should care
Users of NGINX Gateway Fabric, especially those with GRPCRoutes configured, should verify their configurations and ensure they are running supported versions. This includes reviewing and validating GRPCRoute configurations for backendRef filters and monitoring the control plane for unexpected terminations.
Technical summary
The vulnerability exists in NGINX Gateway Fabric when configured using GRPCRoutes. An authenticated, remote attacker with permission to create or modify GRPCRoute resources can cause the NGINX Gateway Fabric control plane to terminate. This is achieved by sending undisclosed GRPCRoute configurations containing backendRef filters. The attacker must have permission to create or modify GRPCRoute resources to exploit this vulnerability.
Defensive priority
High
Recommended defensive actions
- Verify and restrict permissions for creating or modifying GRPCRoute resources.
- Review and validate GRPCRoute configurations for backendRef filters.
- Ensure NGINX Gateway Fabric is running a supported version.
- Monitor control plane for unexpected terminations.
- Implement compensating controls to detect and prevent suspicious GRPCRoute configurations.
- Perform regular security audits and vulnerability assessments.
- Establish incident response plans for potential exploitation.
Evidence notes
The CVE record was published on 2026-06-17T20:16:50.197Z and was last modified on 2026-07-02T20:03:50.680Z. The NVD entry is currently Analyzed. This information is based on the NVD entry and the CVE record. The vulnerability affects NGINX Gateway Fabric when configured using GRPCRoutes. The CVE record and NVD entry provide additional context and details about the vulnerability.
Official resources
-
CVE-2026-32682 CVE record
CVE.org
-
CVE-2026-32682 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T20:16:50.197Z and has not been modified since then. The NVD entry is currently Analyzed.