On February 3, 2026, Spectro Cloud became aware of and is tracking the coordinated disclosure of multiple
27
+
vulnerabilities recently disclosed in the Nginx ingress controller versions 1.13.0–1.13.6 and 1.14.0–1.14.2. These
28
+
vulnerabilities were fixed in versions 1.13.7 and 1.14.3.
29
+
30
+
The following vulnerabilities _do not_ affect our products, as we do not use these annotations:
31
+
32
+
-CVE-2026-1580 - (`auth-method` annotation)
33
+
-CVE-2026-24512 - (`rules.http.paths.path`)
34
+
-CVE-2026-24513 - (`auth-url` protection)
35
+
36
+
The following vulnerability _does_ impact Palette Enterprise and Palette VerteX deployments:
37
+
38
+
-CVE-2026-24514 - Admission Controller denial of service
39
+
40
+
Nginx controller has been deprecated by the upstream provider, and we are in the process of migrating to Traefik ingress
41
+
controller. Until the migration to Traefik ingress is complete, we will be upgrading Nginx controller to version 1.13.7,
42
+
which will remediate this vulnerability.
43
+
44
+
### Affected Deployments
45
+
46
+
<!-- prettier-ignore-start -->
47
+
48
+
1.**Workload Clusters**
49
+
50
+
- All clusters using the <VersionedLinktext="Nginx"url="/integrations/packs/?pack=nginx" /> pack.
51
+
52
+
2.**Palette Enterprise and Palette VerteX deployments**
53
+
54
+
-CVE-2026-24514 affects all Palette Enterprise and Palette VerteX deployment methods (multi-tenant SaaS, dedicated SaaS, and self-hosted), as well as all workload clusters using the Nginx pack.
55
+
56
+
<!-- prettier-ignore-end -->
57
+
58
+
### Recommended Actions
59
+
60
+
<!-- prettier-ignore-start -->
61
+
62
+
We recommend taking the following actions to remediate CVE-2026-24514:
63
+
64
+
-**Multi-tenant and dedicated SaaS deployments** - No action necessary. Deployments will be patched as part of the standard update process.
65
+
-**Self-hosted deployments** - Update the <VersionedLinktext="Nginx"url="/integrations/packs/?pack=nginx" /> pack version to 1.13.7.
66
+
-**Workload clusters**
67
+
68
+
- Managed Kubernetes clusters (AKS, EKS, GKE) should be updated with patches from the cloud vendor as soon as they become available.
69
+
- Patched OS images for other cluster types will be available in an upcoming release. All customers are advised to upgrade to the latest Kubernetes patch versions as soon as they become available.
70
+
- A patch for Edge clusters will be available in an upcoming release. All customers are advised to upgrade the clusters to the patched version as soon as they become available.
71
+
72
+
<!-- prettier-ignore-end -->
73
+
74
+
If possible, we also recommend taking the following actions:
75
+
76
+
- Avoid running untrusted container images.
77
+
- Use rootless containers where possible to reduce impact scope.
78
+
- Restrict container `sysctl` configurations and disable host access to `/proc/sysrq-trigger` and
79
+
`/proc/sys/kernel/core_pattern` where feasible.
80
+
- Reinforce LSM enforcement and confirm AppArmor and SELinux profiles are correctly applied post-patch.
81
+
82
+
### References
83
+
84
+
For additional information, refer to the following GitHub Security Advisories:
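Review bot: The "Workload clusters" bullets under Recommended Actions (new lines 66-70) never tell users to update the Nginx pack, although the advisory states that CVE-2026-24514 is remediated by moving the Nginx controller to 1.13.7 and lists all workload clusters using the Nginx pack as affected. Those bullets only mention cloud-vendor patches, patched OS images, Kubernetes patch versions and an Edge patch, so a reader running the Nginx pack on a workload cluster has no actionable step; suggest adding the pack upgrade to 1.13.7 there, as is done for self-hosted deployments on line 65. The "If possible" list (lines 76-80) covers rootless containers, `sysctl` restrictions, `/proc/sysrq-trigger`, `/proc/sys/kernel/core_pattern` and AppArmor/SELinux profiles, which address container-to-host isolation and do not appear related to an admission controller denial of service; either explain how they apply to this CVE or drop them. Smaller points: `rules.http.paths.path` on line 33 is an Ingress spec field rather than an annotation, so "as we do not use these annotations" on line 30 should be reworded, and item 2 under Affected Deployments (line 54) repeats the workload-cluster scope already given in item 1.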