CVE-2026-50107

Think of NGINX Gateway Fabric as an automated “configuration generator” that builds NGINX settings for you. This flaw lets a user who can change certain gateway settings insert text that becomes part of the generated NGINX configuration, like slipping extra instructions into a form that gets copied straight onto a live document. If an attacker has permission to create or modify the related CRDs, they may be able to make the system load unintended NGINX directives.

This matters to you if you run F5 NGINX Gateway Fabric with NGINX Plus or NGINX Open Source acting as the data plane. It is mainly a risk for environments where someone can create or edit NGINX Gateway Fabric CRDs (for example, a misconfigured team permission, stolen credentials, or an insider). If your business does not use NGINX Gateway Fabric in the way described, impact is not expected, but you should confirm your setup with your IT provider.

This is rated HIGH and the issue is described as newly patched, so you should prioritize updates. However, there is currently no public evidence of active exploitation in the wild from the information provided, and there is no known public exploit. Treat it as an urgent “fix it promptly” item—especially if your environment allows people or service accounts to modify those CRDs.

1. Check with your IT person (or F5 support) whether you are using F5 NGINX Gateway Fabric with NGINX Plus/Open Source as the data plane, and identify your exact version. 2) Update NGINX Gateway Fabric to the fixed release your vendor recommends, and verify the fix is deployed. 3) Review who can create/modify the relevant CRDs (especially the NginxProxy CRD setting for access log format) and tighten permissions to the minimum needed.