PT-2026-5762 · Kubernetes+1 · Ingress-Nginx+1

Aurelia Schittler · Published 2026-02-02 · Updated 2026-03-11 · CVE-2026-24513

CVSS v3.1: 3.1 (Low)
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions

ingress-nginx versions prior to 1.11.4
ingress-nginx versions prior to 1.12.1

Description

A security issue exists in ingress-nginx where the protection provided by the auth-url Ingress annotation may not function as expected under a specific misconfiguration. If the ingress-nginx controller is configured with a default custom-errors configuration that includes HTTP errors 401 or 403, and the configured default custom-errors backend is defective and does not respect the X-Code HTTP header, an Ingress with the auth-url annotation may be accessible even when authentication fails. The issue arises from improper trust in HTTP responses from an external custom error backend: when the authentication request returns 401 or 403, nginx hands that status to the error backend, and a backend that ignores X-Code and answers 200 turns the failed authentication into an apparent success. Attackers can target Ingress resources using auth-url together with custom-http-errors, exploiting misbehaving external error backends that ignore the X-Code header to bypass authentication controls. The vulnerable component is the interaction between ingress-nginx and external custom error backends. The API endpoint involved is the Ingress resource configured with auth-url. The vulnerable parameter is the X-Code HTTP header.

Recommendations

Upgrade to ingress-nginx version 1.11.4 or later.
Upgrade to ingress-nginx version 1.12.1 or later.
Audit Ingress objects using both the auth-url and custom-http-errors annotations.
Replace external error backends or fix their X-Code header handling.
Monitor ingress-nginx logs for HTTP 200 responses where the auth response status is 401 or 403.
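The defect the description turns on is an error backend that answers every request with 200 regardless of the status ingress-nginx asked it to render. The following is an added example, not ingress-nginx project code, showing a minimal custom error backend that honours the X-Code header beside the defective behaviour. It assumes that ingress-nginx passes the original status to the backend in the X-Code request header (as the advisory states) and that a backend should fail closed with a 5xx when that header is missing or malformed; the fallback status, reason table and handler class are this example's own choices.

```python
"""Added example (not ingress-nginx project code): a custom error backend that
echoes the X-Code status, beside the defective always-200 behaviour the
advisory describes. Assumed: ingress-nginx sends the upstream/auth status in
the X-Code request header when it calls a custom-http-errors backend."""
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

# Status returned when X-Code is absent, unparseable or not an error code.
# Constructed choice: failing closed (5xx) never masks an auth failure as success.
FALLBACK_STATUS = 500

# Constructed reason phrases for the JSON body; any unknown code gets "error".
REASONS = {
    401: "Unauthorized",
    403: "Forbidden",
    404: "Not Found",
    500: "Internal Server Error",
    502: "Bad Gateway",
    503: "Service Unavailable",
}


def defective_response(headers: dict) -> tuple[int, str]:
    """The failure mode in the advisory: X-Code is ignored and the backend
    always answers 200, so nginx treats a 401/403 auth failure as success."""
    return 200, "Something went wrong"


def correct_response(headers: dict) -> tuple[int, str]:
    """Render the status ingress-nginx asked for. Header names are matched
    case-insensitively; anything outside 400-599 falls back to FALLBACK_STATUS."""
    lowered = {k.lower(): v for k, v in headers.items()}
    try:
        status = int(lowered.get("x-code", ""))
    except ValueError:
        status = FALLBACK_STATUS
    if not 400 <= status <= 599:
        status = FALLBACK_STATUS
    body = json.dumps({"code": status, "message": REASONS.get(status, "error")})
    return status, body


class ErrorPageHandler(BaseHTTPRequestHandler):
    """HTTP wrapper around correct_response so the example can be served."""

    def do_GET(self):
        status, body = correct_response(dict(self.headers.items()))
        payload = body.encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)

    do_POST = do_GET  # constructed: every method renders the same error page


if __name__ == "__main__":
    # Local demo only; in a cluster this would sit behind the default-backend Service.
    HTTPServer(("127.0.0.1", 8080), ErrorPageHandler).serve_forever()
```

The important property is the status line, not the body: nginx decides whether the protected location is served based on the code the backend returns, so a backend that prettifies error pages but answers 200 defeats auth-url even though every other part of the chain behaved correctly.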
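The audit recommendation above can be scripted against the output of `kubectl get ingress -A -o json`. The following is an added example, not ingress-nginx project code: it flags every Ingress that uses auth-url while 401 or 403 are routed to a custom error backend, either through the Ingress's own custom-http-errors annotation or through the controller-wide default. The full annotation keys (`nginx.ingress.kubernetes.io/auth-url`, `nginx.ingress.kubernetes.io/custom-http-errors`) and the ConfigMap key `custom-http-errors` are ingress-nginx's documented names rather than values quoted on this page, and the example assumes a per-Ingress annotation replaces the controller default for that Ingress; the sample objects are constructed.

```python
"""Added example (not ingress-nginx project code): find Ingress objects where
auth-url is combined with custom error handling for 401/403. Annotation keys
and the ConfigMap key are ingress-nginx's documented names (assumed here);
the sample input is constructed to look like `kubectl get ingress -A -o json`."""
import json

AUTH_URL = "nginx.ingress.kubernetes.io/auth-url"
CUSTOM_ERRORS = "nginx.ingress.kubernetes.io/custom-http-errors"
AUTH_CODES = {401, 403}  # statuses an auth-url backend returns on failure


def parse_codes(value: str) -> set[int]:
    """custom-http-errors is a comma-separated list such as "401,403,500"."""
    codes = set()
    for part in value.split(","):
        part = part.strip()
        if part.isdigit():
            codes.add(int(part))
    return codes


def audit(ingress_list: dict, controller_default_codes: set[int]) -> list[dict]:
    """One finding per Ingress that sets auth-url while 401 or 403 would be
    handed to a custom error backend. Assumed: an annotation overrides the
    controller default; without one, the ConfigMap value applies."""
    findings = []
    for item in ingress_list.get("items", []):
        meta = item.get("metadata", {})
        ann = meta.get("annotations") or {}
        if AUTH_URL not in ann:
            continue
        if CUSTOM_ERRORS in ann:
            codes, source = parse_codes(ann[CUSTOM_ERRORS]), "annotation"
        else:
            codes, source = controller_default_codes, "controller default"
        overlap = codes & AUTH_CODES
        if overlap:
            findings.append({
                "namespace": meta.get("namespace", "default"),
                "name": meta.get("name", "?"),
                "auth_url": ann[AUTH_URL],
                "codes": sorted(overlap),
                "source": source,
            })
    return findings


# Constructed sample in the shape of `kubectl get ingress -A -o json`.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"namespace": "apps", "name": "admin",
    "annotations": {"nginx.ingress.kubernetes.io/auth-url": "https://auth.example.internal/verify",
                    "nginx.ingress.kubernetes.io/custom-http-errors": "401,403,500"}}},
  {"metadata": {"namespace": "apps", "name": "public",
    "annotations": {"nginx.ingress.kubernetes.io/custom-http-errors": "404,503"}}},
  {"metadata": {"namespace": "ops", "name": "grafana",
    "annotations": {"nginx.ingress.kubernetes.io/auth-url": "https://auth.example.internal/verify"}}},
  {"metadata": {"namespace": "ops", "name": "metrics",
    "annotations": {"nginx.ingress.kubernetes.io/auth-url": "https://auth.example.internal/verify",
                    "nginx.ingress.kubernetes.io/custom-http-errors": "500,502"}}}
]}
""")

# Constructed: the controller ConfigMap's custom-http-errors value.
CONTROLLER_DEFAULT = parse_codes("403,404,500")

if __name__ == "__main__":
    for f in audit(SAMPLE, CONTROLLER_DEFAULT):
        print(f"{f['namespace']}/{f['name']}: auth-url with custom errors "
              f"{f['codes']} via {f['source']} -> verify the error backend honours X-Code")
```

On the sample, `apps/admin` is flagged through its own annotation and `ops/grafana` through the controller default, while `ops/metrics` is not flagged because its custom errors never cover 401 or 403. Each finding is a location to check, not a confirmed bypass: the Ingress is only exposed if the backend serving those codes ignores X-Code, which is why the recommendation pairs the audit with fixing or replacing the backend.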

Fix

Weakness Enumeration

Improper Check for Exceptional Conditions

Related Identifiers

BDU:2026-03605
BIT-NGINX-INGRESS-CONTROLLER-2026-24513
CVE-2026-24513
GHSA-4G2F-XCPH-2335
GO-2026-4419
SUSE-SU-2026:0403-1

Affected Products

Red Os
Ingress-Nginx