Improper Validation of Specified Type of Input

Overview Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input in the auth-proxy-set-headers annotation, which allows injection of configuration into nginx. An attacker can execute arbitrary code and access sensitive information by supplying crafted...

CVE-2025-15566

A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-proxy-set-headers Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets...

EUVD-2025-206889

A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-proxy-set-headers Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets...

PT-2026-6670

Name of the Vulnerable Software and Affected Versions ingress-nginx affected versions not specified Description A security issue exists in ingress-nginx where the nginx.ingress.kubernetes.io/auth-proxy-set-headers Ingress annotation can be used to inject configuration into nginx. This can result ...

Kubernetes ingress-nginx 安全漏洞

Kubernetes ingress-nginx is a Kubernetes entry controller open source by the Cloud Native Computing Foundation. It uses NGINX as a reverse proxy and load balancer. There is a security vulnerability in Kubernetes ingress-nginx. This vulnerability stems from the...