SUSE CVE-2026-24513
A security issue was discovered in ingress-nginx where the protection afforded by the auth-url Ingress annotation may not be effective in the presence of a specific misconfiguration. If the ingress-nginx controller is configured with a default custom-errors configuration that includes HTTP errors...
SUSE CVE-2026-24514
A security issue was discovered in ingress-nginx where the validating admission controller feature is subject to a denial of service condition. By sending large requests to the validating admission controller, an attacker can cause memory consumption, which may result in the ingress-nginx...
Improper Validation of Specified Type of Input
Overview: Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input in the auth-proxy-set-headers annotation, which allows injection of configuration into nginx. An attacker can execute arbitrary code and access sensitive information by supplying crafted...
CVE-2025-15566
A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-proxy-set-headers Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets...
CVE-2025-15566 ingress-nginx auth-proxy-set-headers nginx configuration injection
A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-proxy-set-headers Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets...
CVE-2025-15566
CVE-2025-15566 affects ingress-nginx via the auth-proxy-set-headers annotation that can inject configuration into nginx, enabling arbitrary code execution in the ingress-nginx controller and disclosure of Secrets accessible cluster-wide. Connected sources confirm the vulnerability lies in the ann...
EUVD-2025-206889
A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-proxy-set-headers Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets...
PT-2026-6670
Name of the Vulnerable Software and Affected Versions: ingress-nginx (affected versions not specified). Description: A security issue exists in ingress-nginx where the nginx.ingress.kubernetes.io/auth-proxy-set-headers Ingress annotation can be used to inject configuration into nginx. This can result ...
OPENSUSE-SU-2026:10158-1 nginx-1.29.5-1.1 on GA media
These are all security issues fixed in the nginx-1.29.5-1.1 package on the GA media of openSUSE Tumbleweed...
Malicious NGINX Configurations Enable Large-Scale Web Traffic Hijacking Campaign
Cybersecurity researchers have disclosed details of an active web traffic hijacking campaign that has targeted NGINX installations and management panels like Baota BT in an attempt to route it through the attacker's infrastructure. Datadog Security Labs said it observed threat actors associated...
GO-2026-4426 ingress-nginx's `rules.http.paths.path` Ingress field can be used to inject configuration into nginx in k8s.io/ingress-nginx
ingress-nginx's rules.http.paths.path Ingress field can be used to inject configuration into nginx in k8s.io/ingress-nginx. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positi...
GO-2026-4419 ingress-nginx has Improper Check for Unusual or Exceptional Conditions in k8s.io/ingress-nginx
ingress-nginx has Improper Check for Unusual or Exceptional Conditions in k8s.io/ingress-nginx. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerabilit...
GO-2026-4423 ingress-nginx's `nginx.ingress.kubernetes.io/auth-method` Ingress annotation can be used to inject configuration into nginx in k8s.io/ingress-nginx
ingress-nginx's nginx.ingress.kubernetes.io/auth-method Ingress annotation can be used to inject configuration into nginx in k8s.io/ingress-nginx. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this ...
GO-2026-4417 ingress-nginx vulnerable to Allocation of Resources Without Limits or Throttling in k8s.io/ingress-nginx
ingress-nginx vulnerable to Allocation of Resources Without Limits or Throttling in k8s.io/ingress-nginx. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...
CVE-2026-24513
A security issue was discovered in ingress-nginx where the protection afforded by the auth-url Ingress annotation may not be effective in the presence of a specific misconfiguration. If the ingress-nginx controller is configured with a default custom-errors configuration that includes HTTP errors...
CVE-2026-24514
A security issue was discovered in ingress-nginx where the validating admission controller feature is subject to a denial of service condition. By sending large requests to the validating admission controller, an attacker can cause memory consumption, which may result in the ingress-nginx...
CVE-2026-24512
A security issue was discovered in ingress-nginx where the rules.http.paths.path Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note tha...