Ingress-Nginx Controller - Configuration Injection via Unsanitized `auth-url` Annotation

A security issue was discovered in ingress-nginx https-//github.com/kubernetes/ingress-nginx where the auth-url Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets...

Ingress-Nginx Controller - Configuration Injection via Unsanitized Mirror Annotations

A security issue was discovered in ingress-nginx https-//github.com/kubernetes/ingress-nginx where the mirror-target and mirror-host Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx...

Ingress-Nginx Controller - Configuration Injection via Unsanitized `auth-tls-match-cn` Annotation

A security issue was discovered in ingress-nginx https-//github.com/kubernetes/ingress-nginx where the auth-tls-match-cn Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of...

kernel: Linux kernel: Use-after-free in traffic control (act_ct) may lead to denial of service or privilege escalation

A flaw was found in the Linux kernel. A use-after-free vulnerability exists in the traffic control actct path when it is incorrectly configured with non-ingress egress qdiscs queueing disciplines. This can allow a local user with specific privileges to trigger a kernel crash, leading to a denial ...

kernel: Linux kernel: Use-after-free in traffic control (act_ct) may lead to denial of service or privilege escalation

A flaw was found in the Linux kernel. A use-after-free vulnerability exists in the traffic control actct path when it is incorrectly configured with non-ingress egress qdiscs queueing disciplines. This can allow a local user with specific privileges to trigger a kernel crash, leading to a denial ...

CVE-2026-1784

CVE-2026-1784 affects the Route OpenShift resource (OpenShift route definitions using HAProxy) where checks on the spec.path YAML stanza are insufficient, allowing controlled injection of the HAProxy configuration. The CVE description and linked records indicate this can lead to remote code execu...

Ingress-Nginx Controller - Remote Code Execution

A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. Note...

aks-poc-setup

AKS Production-Grade POC Setup A comprehensive, production-re...

CVE-2026-39821 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4

CVE-2026-39821 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4. A patched version of the package is available...

CVE-2026-42506 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4

CVE-2026-42506 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4. A patched version of the package is available...

CVE-2026-25680 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4

CVE-2026-25680 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4. A patched version of the package is available...

CVE-2026-25681 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4

CVE-2026-25681 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4. A patched version of the package is available...

CVE-2026-27136 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4

CVE-2026-27136 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4. A patched version of the package is available...

CVE-2026-42502 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4

CVE-2026-42502 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4. A patched version of the package is available...

kernel: Linux kernel: Use-after-free in traffic control (act_ct) may lead to denial of service or privilege escalation

A flaw was found in the Linux kernel. A use-after-free vulnerability exists in the traffic control actct path when it is incorrectly configured with non-ingress egress qdiscs queueing disciplines. This can allow a local user with specific privileges to trigger a kernel crash, leading to a denial ...

kernel: Linux kernel: Use-after-free in traffic control (act_ct) may lead to denial of service or privilege escalation

A flaw was found in the Linux kernel. A use-after-free vulnerability exists in the traffic control actct path when it is incorrectly configured with non-ingress egress qdiscs queueing disciplines. This can allow a local user with specific privileges to trigger a kernel crash, leading to a denial ...

Exploit for CVE-2026-42945

NGINX Rift — CVE-2026-42945 Vulnerability Scanning and Verific...

Exploit for CVE-2026-42945

ingress-nginx CVE-2026-42945 backport kit This repository doc...

SUSE CVE-2021-25736

Kube-proxy on Windows can unintentionally forward traffic to local processes listening on the same port “spec.ports.port” as a LoadBalancer Service when the LoadBalancer controller does not set the “status.loadBalancer.ingress.ip” field. Clusters where the LoadBalancer controller sets the...

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the diagnostics endpoint. An attacker can obtain sensitive secret-backed plugin configuration data by accessing this endpoint. Remediation There is no fixed version for...