Lucene search
K

CVE-2026-24512

🗓️ 03 Feb 2026 22:17:08Reported by kubernetesType 
cve
 cve
🔗 web.nvd.nist.gov👁 207 Views🌐 WEB

CVE-2026-24512: Ingress-nginx path config injection enables code execution and secrets access by the controller.

Related
Affected
Refs
Paths
[
  {
    "defaultStatus": "affected",
    "product": "ingress-nginx",
    "repo": "https://github.com/kubernetes/ingress-nginx",
    "vendor": "Kubernetes",
    "versions": [
      {
        "lessThan": "1.13.7",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThan": "1.14.3",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
pathpath/api" return 200 "HACKED BY ATTACKERPath injection via unescaped input in API path leading to arbitrary nginx directivesCWE-20
pathpath/login" return 200 "Token: $http_authorizationCredential theft via reflection of Authorization header in response path inputCWE-20
pathpath/" return 302 "https://evil.com/phishingPhishing redirect via path injection to attacker-controlled URLCWE-20

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation