Request for Patch/Fix for CVE-2026-24513 in ingress-nginx controller in IDSP


Article ID: 433077


Updated On:

Products

Symantec Identity Security Platform - IDSP (formerly VIP Authentication Hub)

Issue/Introduction

In IDSP deployments, the ingress-nginx-controller is flagged by a security monitoring tool as affected by CVE-2026-24513.

Affected versions are those earlier than 1.14.3 (1).

Is there a patched version available compatible with IDSP?

What are the recommended mitigations for this vulnerability?

Resolution

Upgrade ingress-nginx by following the instructions in the 4.0 documentation, and ensure the configuration includes the annotations flag to allow it to be used.

To upgrade from an earlier version to 4.12, set the following flag (2):

  controller.config.annotations-risk-level=Critical

The subsequent upgrade from 4.12 to 4.14 is straightforward and requires no special instructions.
  
Upgrade IDSP to version 4.0.2 when it becomes available; it will include ingress version 4.14.3.
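To confirm before and after the upgrade which controller images are still below the fixed version cited above, the following added example (not part of the vendor article or the IDSP documentation) classifies image references against 1.14.3. It assumes the image tag carries the controller version in the form vX.Y.Z; the function names and the registry.example host are placeholders.

```shell
#!/bin/sh
# Added example (not vendor code): classify ingress-nginx controller images
# against the fixed version this article cites for CVE-2026-24513.
FIXED_VERSION="1.14.3"   # from the article: versions under 1.14.3 are affected

# Print X.Y.Z from an image reference; return 1 when the tag holds no version
# (untagged, digest-only, or a floating tag such as "latest").
image_version() {
    ref=${1%%@*}                      # drop an optional @sha256:... digest
    tag=${ref##*:}                    # text after the last colon
    case "$tag" in
        "$ref"|*/*) return 1 ;;       # no colon, or the colon was a registry port
    esac
    ver=$(printf '%s\n' "$tag" |
        sed -n 's/^v\{0,1\}\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*$/\1/p')
    [ -n "$ver" ] || return 1
    printf '%s\n' "$ver"
}

# Succeed when version $1 is strictly lower than version $2 (numeric compare,
# so 1.9.0 < 1.14.3, which a plain string comparison would get wrong).
version_lt() {
    old_ifs=$IFS; IFS=.
    set -- $1 $2                      # six fields: a.b.c then x.y.z
    IFS=$old_ifs
    [ "$1" -lt "$4" ] && return 0
    [ "$1" -gt "$4" ] && return 1
    [ "$2" -lt "$5" ] && return 0
    [ "$2" -gt "$5" ] && return 1
    [ "$3" -lt "$6" ]
}

# Print AFFECTED, OK, or UNKNOWN for one image reference.
classify_image() {
    if ! ver=$(image_version "$1"); then
        echo "UNKNOWN"
    elif version_lt "$ver" "$FIXED_VERSION"; then
        echo "AFFECTED"
    else
        echo "OK"
    fi
}

# Constructed sample references (registry.example is a placeholder host).
for img in \
    "registry.example/ingress-nginx/controller:v1.12.1@sha256:0000" \
    "registry.example:5000/ingress-nginx/controller:v1.14.3" \
    "registry.example/ingress-nginx/controller@sha256:0000"; do
    printf '%-9s %s\n' "$(classify_image "$img")" "$img"
done
```

An UNKNOWN result (digest-only or floating tag) means the version cannot be determined from the reference and the running controller should be checked directly.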

Additional Information

  1. CVE-2026-24513: ingress-nginx auth-url protection bypass #136679

  2. Deploying Ingress Controller