6248 matches found
CVE-2026-24513
A security issue was discovered in ingress-nginx where the protection afforded by the auth-url Ingress annotation may not be effective in the presence of a specific misconfiguration. If the ingress-nginx controller is configured with a default custom-errors configuration that includes HTTP errors...
CVE-2026-24514
A security issue was discovered in ingress-nginx where the validating admission controller feature is subject to a denial of service condition. By sending large requests to the validating admission controller, an attacker can cause memory consumption, which may result in the ingress-nginx...
CVE-2026-1580
A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-method Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to t...
CVE-2026-24512
A security issue was discovered in ingress-nginx where the rules.http.paths.path Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note tha...
CVE-2026-1580
A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-method Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to t...
CVE-2026-24512
A security issue was discovered in ingress-nginx where the rules.http.paths.path Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note tha...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the validating admission controller feature. An attacker can exhaust system memory resources by sending large requests, potentially causing the controller pod to be terminated or...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the validating admission controller feature. An attacker can exhaust system memory resources by sending large requests, potentially causing the controller pod to be terminated or...
Improper Check for Unusual or Exceptional Conditions
Overview Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions in the auth-url annotation when a specific misconfiguration occurs involving a custom-errors configuration that includes HTTP errors 401 or 403, and the configured default custom-erro...
Improper Check for Unusual or Exceptional Conditions
Overview Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions in the auth-url annotation when a specific misconfiguration occurs involving a custom-errors configuration that includes HTTP errors 401 or 403, and the configured default custom-erro...
Improper Input Validation
Overview Affected versions of this package are vulnerable to Improper Input Validation via the rules.http.paths.path field, which allows injection of configuration into the nginx process. An attacker can execute arbitrary code and access sensitive Secrets by crafting malicious input to this field...
Improper Input Validation
Overview Affected versions of this package are vulnerable to Improper Input Validation via the nginx.ingress.kubernetes.io/auth-method annotation, which allows injection of configuration into nginx. An attacker can execute arbitrary code in the context of the ingress controller and access sensiti...
Improper Input Validation
Overview Affected versions of this package are vulnerable to Improper Input Validation via the nginx.ingress.kubernetes.io/auth-method annotation, which allows injection of configuration into nginx. An attacker can execute arbitrary code in the context of the ingress controller and access sensiti...
Improper Input Validation
Overview Affected versions of this package are vulnerable to Improper Input Validation via the rules.http.paths.path field, which allows injection of configuration into the nginx process. An attacker can execute arbitrary code and access sensitive Secrets by crafting malicious input to this field...
CVE-2026-24514 ingress-nginx Admission Controller denial of service
A security issue was discovered in ingress-nginx where the validating admission controller feature is subject to a denial of service condition. By sending large requests to the validating admission controller, an attacker can cause memory consumption, which may result in the ingress-nginx...
CVE-2026-24514 ingress-nginx Admission Controller denial of service
A security issue was discovered in ingress-nginx where the validating admission controller feature is subject to a denial of service condition. By sending large requests to the validating admission controller, an attacker can cause memory consumption, which may result in the ingress-nginx...
CVE-2026-24514
A security issue was discovered in ingress-nginx where the validating admission controller feature is subject to a denial of service condition. By sending large requests to the validating admission controller, an attacker can cause memory consumption, which may result in the ingress-nginx...
CVE-2026-24514
Summary: Ingress-NGINX contains a vulnerability in the validating admission controller that allows an attacker to trigger memory consumption by sending large requests, potentially causing the ingress-nginx controller pod to be killed or the node to run out of memory. This is evidenced across mult...
CVE-2026-24513 ingress-nginx auth-url protection bypass
A security issue was discovered in ingress-nginx where the protection afforded by the auth-url Ingress annotation may not be effective in the presence of a specific misconfiguration. If the ingress-nginx controller is configured with a default custom-errors configuration that includes HTTP errors...
CVE-2026-24513 ingress-nginx auth-url protection bypass
A security issue was discovered in ingress-nginx where the protection afforded by the auth-url Ingress annotation may not be effective in the presence of a specific misconfiguration. If the ingress-nginx controller is configured with a default custom-errors configuration that includes HTTP errors...