What is CVE-2026-32682?

CVE-2026-32682 is a medium-severity vulnerability in F5 Nginx Gateway Fabric, classified under Improper Validation of Array Index. CVSS score: 6.5/10. Published 2026-06-17.

How severe is CVE-2026-32682?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Vulnerability in F5 Nginx Gateway Fabric

CVE-2026-32682

When NGINX Gateway Fabric is configured using GRPCRoutes, an authenticated, remote attacker with permission to create or modify GRPCRoute resources can cause the NGINX Gateway Fabric control plane to terminate by sending undisclosed GRPCRo…

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Affected products

F5 Nginx Gateway Fabric — versions 1.3.0

Weakness classification (CWE)

CWE-129 — Improper Validation of Array Index

References

f5sirt@f5.com (vendor-advisory)

Frequently asked questions

What is CVE-2026-32682?: CVE-2026-32682 is a medium-severity vulnerability in F5 Nginx Gateway Fabric, classified under Improper Validation of Array Index. CVSS score: 6.5/10. Published 2026-06-17.
How severe is CVE-2026-32682?: Medium severity. CVSS v3 base score is 6.5 out of 10.