Ingress-Nginx Controller - Configuration Injection via Unsanitized `auth-tls-match-cn` Annotation
A security issue was discovered in ingress-nginx (https://github.com/kubernetes/ingress-nginx) where the auth-tls-match-cn Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of...
Ingress-Nginx Controller - Configuration Injection via Unsanitized `auth-url` Annotation
A security issue was discovered in ingress-nginx (https://github.com/kubernetes/ingress-nginx) where the auth-url Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets...
Ingress-Nginx Controller - Remote Code Execution
A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. Note...
Ingress-Nginx Controller - Configuration Injection via Unsanitized Mirror Annotations
A security issue was discovered in ingress-nginx (https://github.com/kubernetes/ingress-nginx) where the mirror-target and mirror-host Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx...
GO-2026-5128 Traefik Kubernetes Ingress NGINX provider fails open when auth-secret resolution fails in github.com/traefik/traefik
Traefik Kubernetes Ingress NGINX provider fails open when auth-secret resolution fails in github.com/traefik/traefik...
CVE-2026-42055 vulnerabilities
Vulnerabilities for packages: ingress-nginx-controller, ingress-nginx-controller-fips...
GHSA-78JW-WW3G-9WP7 vulnerabilities
Vulnerabilities for packages: ingress-nginx-controller, ingress-nginx-controller-fips...
CVE-2026-48142 vulnerabilities
Vulnerabilities for packages: ingress-nginx-controller, ingress-nginx-controller-fips...
GHSA-2388-JP8V-FG9W vulnerabilities
Vulnerabilities for packages: ingress-nginx-controller, ingress-nginx-controller-fips...
GHSA-2388-JP8V-FG9W vulnerabilities
Vulnerabilities for packages: ingress-nginx-controller...
CVE-2026-48142 vulnerabilities
Vulnerabilities for packages: ingress-nginx-controller...
CVE-2026-42055 vulnerabilities
Vulnerabilities for packages: ingress-nginx-controller...
GHSA-78JW-WW3G-9WP7 vulnerabilities
Vulnerabilities for packages: ingress-nginx-controller...
CVE-2026-54762
A flaw was found in Traefik, an HTTP reverse proxy and load balancer. When an Ingress is configured to use BasicAuth or DigestAuth, but the associated authentication secret cannot be resolved or is malformed, Traefik fails to apply the authentication middleware. This allows unauthenticated access...
CVE-2026-54762
Traefik is an HTTP reverse proxy and load balancer. From 3.7.0-ea.1 until 3.7.5, there is a medium severity vulnerability in Traefik's Kubernetes Ingress NGINX provider that causes affected routes to fail open. When an Ingress explicitly enables BasicAuth or DigestAuth through the supported...
CVE-2026-54762 Traefik Kubernetes Ingress NGINX provider fails open when auth-secret resolution fails
Traefik is an HTTP reverse proxy and load balancer. From 3.7.0-ea.1 until 3.7.5, there is a medium severity vulnerability in Traefik's Kubernetes Ingress NGINX provider that causes affected routes to fail open. When an Ingress explicitly enables BasicAuth or DigestAuth through the supported...
CVE-2026-54762
Traefik’s Kubernetes Ingress NGINX provider (versions 3.7.0-ea.1 through 3.7.5) contains a medium-severity fail-open vulnerability: if an Ingress enables BasicAuth or DigestAuth but the referenced auth-secret cannot be resolved or parsed, Traefik logs an error, skips installing the authentication...
Traefik Kubernetes Ingress NGINX provider fails open when auth-secret resolution fails
Summary There is a medium severity vulnerability in Traefik's Kubernetes Ingress NGINX provider that causes affected routes to fail open. When an Ingress explicitly enables BasicAuth or DigestAuth through the supported nginx.ingress.kubernetes.io/auth-type and auth-secret annotations, but the...
GHSA-4MR2-FG2P-W63C Traefik Kubernetes Ingress NGINX provider fails open when auth-secret resolution fails
Summary There is a medium severity vulnerability in Traefik's Kubernetes Ingress NGINX provider that causes affected routes to fail open. When an Ingress explicitly enables BasicAuth or DigestAuth through the supported nginx.ingress.kubernetes.io/auth-type and auth-secret annotations, but the...