What is CVE-2026-50107?

CVE-2026-50107 is a high-severity vulnerability in F5 Nginx Gateway Fabric, classified under Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection). CVSS score: 8.1/10. Published 2026-06-17.

How severe is CVE-2026-50107?

High severity. CVSS v3 base score is 8.1 out of 10.

Vulnerability in F5 Nginx Gateway Fabric

CVE-2026-50107

When NGINX Plus or NGINX Open Source is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the N…

CVSS v3 metric

CVSS v3 base score 8.1 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N.

Affected products

F5 Nginx Gateway Fabric — versions 2.3.0

Weakness classification (CWE)

CWE-74 — Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection)

References

f5sirt@f5.com (vendor-advisory)

Frequently asked questions

What is CVE-2026-50107?: CVE-2026-50107 is a high-severity vulnerability in F5 Nginx Gateway Fabric, classified under Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection). CVSS score: 8.1/10. Published 2026-06-17.
How severe is CVE-2026-50107?: High severity. CVSS v3 base score is 8.1 out of 10.