
6245 matches found

RedHat Linux
added 2026/03/10 10:41 p.m. | 1 view

nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections

A flaw was found in NGINX. When NGINX is configured to proxy to upstream Transport Layer Security (TLS) servers, an attacker with a man-in-the-middle (MITM) position on the upstream server side, along with conditions beyond the attacker's control, may be able to inject plain text data into the response...

CVSS 8.2 | AI score 5.8 | EPSS 0.00331
Exploits: 0 | References: 5
RedHat Linux
added 2026/03/10 10:41 p.m. | 9 views

Moderate: Red Hat Security Advisory: nginx:1.26 security update

An update for the nginx:1.26 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 8.2 | AI score 6.1 | EPSS 0.00331
Exploits: 0 | References: 2
OSV
added 2026/03/10 6:28 p.m. | 4 views

GO-2026-4614 Nginx-UI Vulnerable to Unauthenticated Backup Download with Encryption Key Disclosure in github.com/0xJacky/Nginx-UI

Nginx-UI Vulnerable to Unauthenticated Backup Download with Encryption Key Disclosure in github.com/0xJacky/Nginx-UI. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive...

CVSS 9.8 | AI score 5.8 | EPSS 0.22162
Exploits: 12 | References: 5
GithubExploit
added 2026/03/10 3:14 p.m. | 193 views

Exploit for CVE-2026-27944

Nginx UI Discovery Scanner - CVE-2026-27944 Version Detector ht...

CVSS 9.8 | AI score 5.9 | EPSS 0.22162
Exploits: 12
GithubExploit
added 2026/03/10 11:23 a.m. | 220 views

Exploit for CVE-2026-27944

CVE-2026-27944 - Nginx-UI Unauthenticated Backup Download !...

CVSS 9.8 | AI score 5.8 | EPSS 0.22162
Exploits: 12
OSV
added 2026/03/10 10:18 a.m. | 5 views

CLSA-2026-1773137907 nginx: Fix of CVE-2026-1642

CVE-2026-1642: fix upstream TLS proxy vulnerability allowing MITM inject plaintext into proxied responses; enforce strict upstream TLS verification and reject injected plaintext...

CVSS 8.2 | AI score 7.4 | EPSS 0.00331
Exploits: 0 | References: 1
Redos
added 2026/03/10 12:0 a.m. | 4 views

ROS-20260310-73-0049

Vulnerability in golang-k8s-ingress-nginx related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVSS 8.8 | AI score 5.8 | EPSS 0.00469
Exploits: 0
AlmaLinux
added 2026/03/10 12:0 a.m. | 7 views

Moderate: nginx:1.26 security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections (CVE-2026-1642). For more details about the security issues,...

CVSS 8.2 | AI score 5.8 | EPSS 0.00331
Exploits: 0 | References: 4
Redos
added 2026/03/10 12:0 a.m. | 3 views

ROS-20260310-73-0048

Vulnerability in golang-k8s-ingress-nginx related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVSS 8.8 | AI score 5.8 | EPSS 0.00485
Exploits: 0
OSV
added 2026/03/10 12:0 a.m. | 5 views

ALSA-2026:4235 Moderate: nginx:1.26 security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections (CVE-2026-1642). For more details about the security issues,...

CVSS 8.2 | AI score 5.8 | EPSS 0.00331
Exploits: 0 | References: 4
Snyk
added 2026/03/09 10:39 p.m. | 4 views

Resource Injection

Overview: Affected versions of this package are vulnerable to Resource Injection via the buildProxyPass function. An attacker can execute arbitrary code and access sensitive information by injecting malicious configuration into the nginx controller process. Remediation: Upgrade...

CVSS 8.8 | AI score 6.1 | EPSS 0.06669
Exploits: 1 | References: 2
OSV
added 2026/03/09 9:16 p.m. | 2 views

CVE-2026-3288

A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/rewrite-target Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible t...

CVSS 8.8 | AI score 6.3 | EPSS 0.06669
Exploits: 1 | References: 2
NVD
added 2026/03/09 9:16 p.m. | 5 views

CVE-2026-3288

A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/rewrite-target Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible t...

CVSS 8.8 | EPSS 0.06669
Exploits: 1 | References: 3
Cvelist
added 2026/03/09 9:0 p.m. | 27 views

CVE-2026-3288 ingress-nginx rewrite-target nginx configuration injection

A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/rewrite-target Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible t...

CVSS 8.8 | EPSS 0.06669
Exploits: 1 | References: 1
CVE
added 2026/03/09 9:0 p.m. | 27 views

CVE-2026-3288

Summary: CVE-2026-3288 concerns ingress-nginx where the nginx.ingress.kubernetes.io/rewrite-target annotation can inject configuration into nginx, enabling arbitrary code execution in the ingress-nginx controller and disclosure of Secrets accessible to the controller. The default installation can...

CVSS 8.8 | AI score 6.2 | EPSS 0.06669
Exploits: 1 | References: 3 | Affected Software: 1
ATTACKERKB
added 2026/03/09 9:0 p.m. | 4 views

CVE-2026-3288

A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/rewrite-target Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible t...

CVSS 8.8 | AI score 6.2 | EPSS 0.06669
Exploits: 1 | References: 2
Vulnrichment
added 2026/03/09 9:0 p.m. | 2 views

CVE-2026-3288 ingress-nginx rewrite-target nginx configuration injection

A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/rewrite-target Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible t...

CVSS 8.8 | AI score 6.2 | EPSS 0.06669
Exploits: 1 | References: 1
CNNVD
added 2026/03/09 12:0 a.m. | 2 views

Kubernetes ingress-nginx Security Vulnerability

Kubernetes ingress-nginx is a Kubernetes entry controller open-sourced by the Cloud Native Computing Foundation. It uses NGINX as a reverse proxy and load balancer. There is a security vulnerability in Kubernetes ingress-nginx, where the comment on nginx.ingress.kubernetes.io/rewrite-target can b...

CVSS 8.8 | AI score 7.7 | EPSS 0.06669
Exploits: 1 | References: 2
Positive Technologies
added 2026/03/09 12:0 a.m. | 4 views

PT-2026-24119

Name of the Vulnerable Software and Affected Versions: ingress-nginx versions prior to 1.13.7 and 1.14.3. Description: A security issue exists in ingress-nginx where the nginx.ingress.kubernetes.io/rewrite-target Ingress annotation can be exploited to inject configuration into nginx. This can result...

CVSS 9 | AI score 6.2 | EPSS 0.06669
Exploits: 1 | References: 28
RedhatCVE
added 2026/03/06 7:45 p.m. | 4 views

CVE-2026-27944

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.3, the /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to...

CVSS 9.8 | AI score 5.7 | EPSS 0.22162
Exploits: 12 | References: 1