CVE-2026-50107
NGINX Gateway Fabric vulnerability
Description
When NGINX Plus or NGINX Open Source is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition (CRD) access log format setting are rendered directly into NGINX configuration templates without sanitization or escaping. An authenticated attacker with permission to create or modify these CRDs may craft values that inject arbitrary NGINX configuration directives. This is a control plane issue; there is no data plane exposure from the vulnerability trigger itself. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
INFO
Published Date :
June 17, 2026, 8:04 p.m.
Last Modified :
June 17, 2026, 8:04 p.m.
Remotely Exploit :
Yes !
Source :
f5
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS 3.1 | HIGH | 9dacffd4-cb11-413f-8451-fbbfd4ddc0ab | ||||
| CVSS 4.0 | HIGH | 9dacffd4-cb11-413f-8451-fbbfd4ddc0ab |
Solution
- Update NGINX Gateway Fabric to the latest version.
- Review and sanitize all NginxProxy CRD access log formats.
- Ensure NGINX configuration templates properly escape user input.
- Restrict creation/modification of CRDs to trusted users.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2026-50107 vulnerability anywhere in the article.