4 matches found
SUSE CVE-2026-24512
A security issue was discovered in ingress-nginx where the rules.http.paths.path Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note tha...
CVE-2026-24512
Ingress-NGINX Controller vulnerability CVE-2026-24512: the rules.http.paths.path Ingress field can inject configuration into nginx, enabling arbitrary code execution and access to controller-scoped Secrets. Affected versions include k8s.io/ingress-nginx before 1.13.7 and 1.14.x before 1.14.3; rem...
CVE-2026-24512 ingress-nginx auth-method nginx configuration injection
A security issue was discovered in ingress-nginx where the rules.http.paths.path Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note tha...
CVE-2026-24512
creationtimestamp| type| source ---|---|--- 2026-02-02 15:57:33+00:00| seen| https://seclists.org/oss-sec/2026/q1/140 2026-02-03 18:11:43+00:00| seen| https://hachyderm.io/users/ChrisShort/statuses/116008045925159135 2026-02-03 18:11:45+00:00| seen|...