
391 matches found

Nuclei
added 14 hours ago, 25 views

Ingress-Nginx Controller - Configuration Injection via Unsanitized `auth-url` Annotation

A security issue was discovered in ingress-nginx (https://github.com/kubernetes/ingress-nginx) where the auth-url Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets...

8.8 CVSS, 7.2 AI score, 0.31443 EPSS
Exploits: 8, References: 3

Nuclei
added 14 hours ago, 42 views

Ingress-Nginx Controller - Configuration Injection via Unsanitized Mirror Annotations

A security issue was discovered in ingress-nginx (https://github.com/kubernetes/ingress-nginx) where the mirror-target and mirror-host Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx...

8.8 CVSS, 7.2 AI score, 0.84311 EPSS
Exploits: 7, References: 3

Nuclei
added 14 hours ago, 20 views

Ingress-Nginx Controller - Configuration Injection via Unsanitized `auth-tls-match-cn` Annotation

A security issue was discovered in ingress-nginx (https://github.com/kubernetes/ingress-nginx) where the auth-tls-match-cn Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of...

8.8 CVSS, 7.2 AI score, 0.34288 EPSS
Exploits: 7, References: 3

NVD
added yesterday, 4 views

CVE-2026-54762

Traefik is an HTTP reverse proxy and load balancer. From 3.7.0-ea.1 until 3.7.5, there is a medium severity vulnerability in Traefik's Kubernetes Ingress NGINX provider that causes affected routes to fail open. When an Ingress explicitly enables BasicAuth or DigestAuth through the supported...

5.9 CVSS
Exploits: 0, References: 2

ATTACKERKB
added yesterday, 4 views

CVE-2026-54762

Traefik is an HTTP reverse proxy and load balancer. From 3.7.0-ea.1 until 3.7.5, there is a medium severity vulnerability in Traefik's Kubernetes Ingress NGINX provider that causes affected routes to fail open. When an Ingress explicitly enables BasicAuth or DigestAuth through the supported...

5.9 CVSS, 5.9 AI score
Exploits: 0, References: 3, Affected Software: 1

Tenable Nessus
added 2026/06/11 12:0 a.m., 8 views

openSUSE 16 Security Update : syft (openSUSE-SU-2026:20928-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2026:20928-1 advisory. Changes in syft: - Update to version 1.45.0: Added Features - Add support for ZapAddOns as jar files 4654 4932 @douglasclarke - MySQL binary classifier...

9.8 CVSS, 5.7 AI score, 0.01323 EPSS
Exploits: 0, References: 2

OSV
added 2026/06/08 5:34 p.m., 10 views

OPENSUSE-SU-2026:20928-1 Security update for syft

This update for syft fixes the following issues: Changes in syft: - Update to version 1.45.0: Added Features - Add support for ZapAddOns as jar files 4654 4932 @douglasclarke - MySQL binary classifier should distinguish between MySQL Cluster ndb and MySQL 3297 4907 @witchcraze - Catalog...

9.8 CVSS, 7.5 AI score, 0.01323 EPSS
Exploits: 0, References: 1

GithubExploit
added 2026/05/25 1:2 a.m., 92 views

Exploit for CVE-2026-42945

ingress-nginx CVE-2026-42945 backport kit This repository doc...

9.2 CVSS, 6.1 AI score, 0.5331 EPSS
Exploits: 39

Wolfi
added 2026/05/20 1:48 a.m., 11 views

GHSA-GCGV-V5GF-C543 vulnerabilities

Vulnerabilities for packages: ingress-nginx-controller...

5.8 AI score
Exploits: 0

Wolfi
added 2026/05/20 1:48 a.m., 20 views

CVE-2026-42945 vulnerabilities

Vulnerabilities for packages: ingress-nginx-controller...

9.2 CVSS, 6 AI score, 0.5331 EPSS
Exploits: 39

Chainguard
added 2026/05/20 1:17 a.m., 13 views

CVE-2026-42945 vulnerabilities

Vulnerabilities for packages: ingress-nginx-controller, ingress-nginx-controller-fips...

9.2 CVSS, 6.1 AI score, 0.5331 EPSS
Exploits: 39

Chainguard
added 2026/05/20 1:17 a.m., 8 views

GHSA-GCGV-V5GF-C543 vulnerabilities

Vulnerabilities for packages: ingress-nginx-controller, ingress-nginx-controller-fips...

5.8 AI score
Exploits: 0

OSV
added 2026/05/18 1:25 p.m., 10 views

CLEANSTART-2026-OB67529 Security fixes for CVE-2026-33811, CVE-2026-33814, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499 applied in versions: 1.15.1-r0

Multiple security vulnerabilities affect the ingress-nginx-controller-1.15 package. These issues are resolved in later releases. See references for individual vulnerability details...

7.5 CVSS, 5.9 AI score, 0.00588 EPSS
Exploits: 0, References: 17

Redos
added 2026/04/29 12:0 a.m., 6 views

ROS-20260429-73-0040

A vulnerability in the incoming traffic controller in the Kubernetes ingress-nginx cluster is related to flaws in the input validation mechanism. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

8.8 CVSS, 8.4 AI score, 0.06669 EPSS
Exploits: 1

Redos
added 2026/04/29 12:0 a.m., 5 views

ROS-20260429-73-0041

A vulnerability in the incoming traffic controller in a Kubernetes ingress-nginx cluster is related to insufficient input validation. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code...

8.8 CVSS, 6.8 AI score, 0.01494 EPSS
Exploits: 1

Wolfi
added 2026/04/11 2:51 a.m., 7 views

GHSA-FV83-X2XW-2J55 vulnerabilities

Vulnerabilities for packages: nodetaint, fluxcd-kustomize-mutating-webhook, karpenter, actions-runner-controller, grafana-rollout-operator, stakater-reloader, malcontent, oras, aws-load-balancer-controller, volume-modifier-for-k8s, supercronic, flux, victoriametrics-cluster, hubble,...

5.8 AI score
Exploits: 0

F5 Networks
added 2026/04/01 2:17 p.m., 8 views

K000160575: ingress-nginx vulnerability CVE-2026-24512

Security Advisory Description: A security issue was discovered in ingress-nginx where the rules.http.paths.path Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessib...

8.8 CVSS, 6.6 AI score, 0.00501 EPSS
Exploits: 1

SUSE CVE
added 2026/03/28 6:28 p.m., 7 views

SUSE CVE-2026-4342

A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note that i...

8.8 CVSS, 6.4 AI score, 0.01494 EPSS
Exploits: 1, References: 3

OSV
added 2026/03/27 5:49 p.m., 4 views

GHSA-67JX-R9PV-98RJ Traefik has Knative Ingress Rule Injection that Allows Host Restriction Bypass

Summary: There is a potential vulnerability in Traefik's Kubernetes Knative, Ingress, and Ingress-NGINX providers related to rule injection. User-controlled values are interpolated into backtick-delimited Traefik router rule expressions without escaping or validation. A malicious value containing ...

6.1 CVSS, 5.9 AI score, 0.0041 EPSS
Exploits: 1, References: 6

RedhatCVE
added 2026/03/26 2:58 p.m., 6 views

CVE-2026-4342

A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note that i...

8.8 CVSS, 6.4 AI score, 0.01494 EPSS
Exploits: 1, References: 1