Skip to main content

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
Alerts

High Severity Vulnerabilities in Ingress NGINX controller

11 February 2026

The Kubernetes project has released software updates addressing multiple vulnerabilities in Ingress NGINX controller. Users and administrators of affected products are advised to update to the latest version immediately.

Background

The Kubernetes project has released software updates addressing multiple vulnerabilities (CVE-2026-24512 and CVE-2026-1580) in Ingress NGINX controller.

Impact

Successful exploitation of the vulnerabilities can lead to arbitrary code execution within the Ingress NGINX controller and unauthorised access to Kubernetes secrets, potentially exposing sensitive information and enabling further compromise of the cluster.

Affected products

The vulnerabilities affect Ingress NGINX controller versions prior to 1.13.7 and 1.14.3.

Recommendation 

Users and administrators of affected products are advised to update to the latest version immediately.

References

https://cyberleveling.com/blog/ingress-nginx-vulnerabilities-cve-2026-1580

https://nvd.nist.gov/vuln/detail/CVE-2026-24512

https://nvd.nist.gov/vuln/detail/CVE-2026-1580

Back to top