PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-32682 F5 CVE debrief

An authenticated, remote attacker with permission to create or modify GRPCRoute resources can cause the NGINX Gateway Fabric control plane to terminate by sending undisclosed GRPCRoute configurations containing backendRef filters. This vulnerability exists in NGINX Gateway Fabric when configured using GRPCRoutes. The attacker must have permission to create or modify GRPCRoute resources to exploit this vulnerability.

Vendor
F5
Product
NGINX Gateway Fabric
CVSS
HIGH 7.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-07-02
Advisory published
2026-06-17
Advisory updated
2026-07-02

Who should care

Users of NGINX Gateway Fabric, especially those with GRPCRoutes configured, should verify their configurations and ensure they are running supported versions. This includes reviewing and validating GRPCRoute configurations for backendRef filters and monitoring the control plane for unexpected terminations.

Technical summary

The vulnerability exists in NGINX Gateway Fabric when configured using GRPCRoutes. An authenticated, remote attacker with permission to create or modify GRPCRoute resources can cause the NGINX Gateway Fabric control plane to terminate. This is achieved by sending undisclosed GRPCRoute configurations containing backendRef filters. The attacker must have permission to create or modify GRPCRoute resources to exploit this vulnerability.

Defensive priority

High

Recommended defensive actions

  • Verify and restrict permissions for creating or modifying GRPCRoute resources.
  • Review and validate GRPCRoute configurations for backendRef filters.
  • Ensure NGINX Gateway Fabric is running a supported version.
  • Monitor control plane for unexpected terminations.
  • Implement compensating controls to detect and prevent suspicious GRPCRoute configurations.
  • Perform regular security audits and vulnerability assessments.
  • Establish incident response plans for potential exploitation.

Evidence notes

The CVE record was published on 2026-06-17T20:16:50.197Z and was last modified on 2026-07-02T20:03:50.680Z. The NVD entry is currently Analyzed. This information is based on the NVD entry and the CVE record. The vulnerability affects NGINX Gateway Fabric when configured using GRPCRoutes. The CVE record and NVD entry provide additional context and details about the vulnerability.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T20:16:50.197Z and has not been modified since then. The NVD entry is currently Analyzed.