PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-52865 F5 CVE debrief

CVE-2026-52865 is a denial-of-service (DoS) vulnerability in the F5 Nginx Ingress Controller. An authenticated, remote attacker with permission to create or modify Ingress or TransportServer resources can cause the NGINX Ingress Controller process to terminate, resulting in a persistent crash loop. This control plane issue has a CVSS score of 7.1 and is classified as HIGH severity. Users of F5 Nginx Ingress Controller, particularly those with write access to Ingress or TransportServer resources, should be aware of this vulnerability and take steps to mitigate it. The vulnerability allows a remote, authenticated attacker with at least Ingress or TransportServer resource write access to cause a denial-of-service (DoS) on the NGINX Ingress Controller system.

Vendor
F5
Product
Nginx Ingress Controller
CVSS
HIGH 7.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-15
Original CVE updated
2026-07-16
Advisory published
2026-07-15
Advisory updated
2026-07-16

Who should care

Users of F5 Nginx Ingress Controller, particularly those with write access to Ingress or TransportServer resources, should be aware of this vulnerability and take steps to mitigate it. This includes administrators, security teams, and operators responsible for the Nginx Ingress Controller system.

Technical summary

The vulnerability exists in the NGINX Ingress Controller's processing of Ingress or TransportServer resources. An authenticated, remote attacker with write access can cause the control plane process to terminate and enter a persistent crash loop. The issue is confined to the control plane and does not affect the data plane. This control plane issue has a CVSS score of 7.1 and is classified as HIGH severity. The vulnerability allows a remote, authenticated attacker with at least Ingress or TransportServer resource write access to cause a denial-of-service (DoS) on the NGINX Ingress Controller system.

Defensive priority

High priority should be given to patching or mitigating this vulnerability, as it can be exploited by authenticated remote attackers with write access to Ingress or TransportServer resources.

Recommended defensive actions

  • Apply patches or updates provided by the vendor
  • Restrict write access to Ingress or TransportServer resources
  • Monitor for suspicious activity and anomalies
  • Implement compensating controls, such as rate limiting or IP blocking
  • Review system configurations for potential exposure
  • Track exceptions and retest remediated assets
  • Verify system updates through normal change control

Evidence notes

The CVE record and NVD detail provide information on the vulnerability, its impact, and affected versions. Vendor advisory K000161834 provides mitigation guidance. Evidence is limited to public sources and may not reflect all affected configurations or potential attack vectors. Defenders should verify system configurations and review vendor advisories for specific mitigation steps.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-15T15:16:44.587Z and has not been modified since then. The NVD entry is currently Analyzed.