CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6248 matches found

ATTACKERKB•added 2026/02/03 10:17 p.m.•4 views

CVE-2026-24513

A security issue was discovered in ingress-nginx where the protection afforded by the auth-url Ingress annotation may not be effective in the presence of a specific misconfiguration. If the ingress-nginx controller is configured with a default custom-errors configuration that includes HTTP errors...

3.1CVSS5.4AI score0.00278EPSS

Exploits0References2

CVE•added 2026/02/03 10:17 p.m.•43 views

CVE-2026-24513

Ingress-NGINX contains a vulnerability where the protection of the auth-url Ingress annotation can be bypassed if a default custom-errors backend is configured with HTTP 401/403 and that backend incorrectly ignores the X-Code header. The built-in custom-errors backend functions correctly, but tri...

3.1CVSS5.5AI score0.00278EPSS

Exploits0References1

Cvelist•added 2026/02/03 10:17 p.m.•29 views

CVE-2026-24512 ingress-nginx auth-method nginx configuration injection

A security issue was discovered in ingress-nginx where the rules.http.paths.path Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note tha...

8.8CVSS0.00501EPSS

Exploits1References1

Vulnrichment•added 2026/02/03 10:17 p.m.•4 views

CVE-2026-24512 ingress-nginx auth-method nginx configuration injection

8.8CVSS6.5AI score0.00501EPSS

Exploits1References1

ATTACKERKB•added 2026/02/03 10:17 p.m.•6 views

CVE-2026-24512

8.8CVSS6.5AI score0.00501EPSS

Exploits1References2

CVE•added 2026/02/03 10:17 p.m.•191 views

CVE-2026-24512

Ingress-NGINX Controller vulnerability CVE-2026-24512: the rules.http.paths.path Ingress field can inject configuration into nginx, enabling arbitrary code execution and access to controller-scoped Secrets. Affected versions include k8s.io/ingress-nginx before 1.13.7 and 1.14.x before 1.14.3; rem...

8.8CVSS6.5AI score0.00501EPSS

Exploits1References1

Cvelist•added 2026/02/03 10:16 p.m.•29 views

CVE-2026-1580 ingress-nginx auth-method nginx configuration injection

A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-method Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to t...

8.8CVSS0.00485EPSS

Exploits0References1

Vulnrichment•added 2026/02/03 10:16 p.m.•4 views

CVE-2026-1580 ingress-nginx auth-method nginx configuration injection

8.8CVSS6.3AI score0.00485EPSS

Exploits0References1

ATTACKERKB•added 2026/02/03 10:16 p.m.•4 views

CVE-2026-1580

8.8CVSS6.3AI score0.00485EPSS

Exploits0References2

CVE•added 2026/02/03 10:16 p.m.•62 views

CVE-2026-1580

CVE-2026-1580 affects the ingress-nginx controller. The vulnerability arises from the nginx.ingress.kubernetes.io/auth-method Ingress annotation, which can be used to inject configuration into nginx, enabling arbitrary code execution in the controller context and disclosure of Secrets accessible ...

8.8CVSS6.3AI score0.00485EPSS

Exploits0References1

CNNVD•added 2026/02/03 12:0 a.m.•3 views

Kubernetes ingress-nginx 安全漏洞

Kubernetes ingress-nginx is a Kubernetes entry controller open-sourced by the Cloud Native Computing Foundation. It uses NGINX as a reverse proxy and load balancer. There is a security vulnerability in Kubernetes ingress-nginx. This vulnerability arises from the protection provided by the auth-ur...

3.1CVSS7.2AI score0.00278EPSS

Exploits0References1

CNNVD•added 2026/02/03 12:0 a.m.•4 views

Kubernetes ingress-nginx 安全漏洞

Kubernetes ingress-nginx is a Kubernetes entry controller open-sourced by the Cloud Native Computing Foundation. It uses NGINX as a reverse proxy and load balancer. There is a security vulnerability in Kubernetes ingress-nginx; this vulnerability stems from a denial-of-service condition in the...

6.5CVSS7.2AI score0.0046EPSS

Exploits1References1

OSV•added 2026/01/30 5:14 p.m.•4 views

CLEANSTART-2026-BA37192 When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers

Multiple security vulnerabilities affect the nginx package. When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. See references for individual vulnerabili...

9.8CVSS7.3AI score0.99999EPSS

Exploits43References43

OSV•added 2026/01/30 5:13 p.m.•2 views

CLEANSTART-2026-XB16901 When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers

9.8CVSS7.3AI score0.99999EPSS

Exploits43References43

OSV•added 2026/01/30 3:13 p.m.•3 views

CLEANSTART-2026-OJ41940 net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines

Multiple security vulnerabilities affect the ingress-nginx-controller package. The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. See references for individual vulnerability details...

9.8CVSS5.5AI score0.00804EPSS

Exploits0References17

OSV•added 2026/01/29 2:16 p.m.•4 views

CVE-2026-1616