Kata Containers have VM Escape via virtiofsd Argument Injection through Default-Enabled Pod Annotations

Summary Kata Containers ships with a default configuration that allows pod creators to inject arbitrary command-line arguments into the virtiofsd process through the io.katacontainers.config.hypervisor.virtiofsextraargs pod annotation. By injecting -o source=/ along with --no-announce-submounts a...

BIT-NGINX-INGRESS-CONTROLLER-2026-4342 ingress-nginx comment-based nginx configuration injection

A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note that i...

Exploit for CVE-2026-4342

CVE-2026-4342 Test Environment Configuration These files set...

GHSA-F53H-MXV9-CP98 ingress-nginx comment-based nginx configuration injection

A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note that i...

CVE-2026-4342

A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note that i...

CVE-2026-4342 ingress-nginx comment-based nginx configuration injection

A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note that i...

CVE-2026-4342 ingress-nginx comment-based nginx configuration injection

A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note that i...

CVE-2026-4342

A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note that i...

CVE-2026-4342

The CVE-2026-4342 entry concerns ingress-nginx. A combination of Ingress annotations can inject configuration into nginx, enabling arbitrary code execution in the ingress-nginx controller and disclosure of Secrets accessible to the controller. Note that, in default installations, the controller c...

Kubernetes ingress-nginx 安全漏洞

Kubernetes ingress-nginx is a Kubernetes entry controller open-sourced by the Cloud Native Computing Foundation. It uses NGINX as a reverse proxy and load balancer. There is a security vulnerability in Kubernetes ingress-nginx. This vulnerability stems from the Ingress annotation combination, whi...

PT-2026-25976

Name of the Vulnerable Software and Affected Versions jsPDF versions prior to 4.2.1 Description jsPDF is a JavaScript library used to generate PDF documents. A flaw exists where user-controlled arguments within the createAnnotation method can allow the injection of arbitrary PDF objects, includin...

SUSE CVE-2026-1580

A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-method Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to t...

CVE-2025-15566

A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-proxy-set-headers Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets...

CVE-2026-1580

A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-method Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to t...

ingress-nginx's `nginx.ingress.kubernetes.io/auth-method` Ingress annotation can be used to inject configuration into nginx

A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-method Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to t...

Ingress-NGINX Controller < 1.13.7 / 1.14.x < 1.14.3 Multiple Vulnerabilities

The version of Ingress-NGINX controller installed on the remote host is prior to 1.13.7 or 1.14.3. It is, therefore, affected by multiple vulnerabilities: - A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-method Ingress annotation can be used to inject...

CVE-2026-1580

A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-method Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to t...

EUVD-2023-2661

Malicious code in bioql PyPI...

EUVD-2024-1060

Malicious code in bioql PyPI...

SUSE CVE-2025-1097

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the auth-tls-match-cn Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of...