CVE Catalog

CVE-2026-32682

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.29%

21th percentile — higher than 21% of all known CVEs

Summary

A vulnerability in NGINX Gateway Fabric allows an authenticated remote attacker with permission to create or modify GRPCRoute resources to cause the control plane to terminate by sending specially crafted GRPCRoute configurations containing backendRef filters.

Risk Assessment

The risk is a potential DoS attack on the NGINX Gateway Fabric control plane, which can disrupt services managed by the gateway and impact application availability.

Recommendation

It is recommended to immediately update NGINX Gateway Fabric to the latest available version containing a fix for this vulnerability, and restrict permissions to create or modify GRPCRoute resources to trusted users only.

Original NVD description (English source)

When NGINX Gateway Fabric is configured using GRPCRoutes, an authenticated, remote attacker with permission to create or modify GRPCRoute resources can cause the NGINX Gateway Fabric control plane to terminate by sending undisclosed GRPCRoute configurations containing backendRef filters. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS