Ingress-Nginx Controller - Configuration Injection via Unsanitized `auth-url` Annotation

A security issue was discovered in ingress-nginx https-//github.com/kubernetes/ingress-nginx where the auth-url Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets...

Ingress-Nginx Controller - Configuration Injection via Unsanitized Mirror Annotations

A security issue was discovered in ingress-nginx https-//github.com/kubernetes/ingress-nginx where the mirror-target and mirror-host Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx...

Ingress-Nginx Controller - Configuration Injection via Unsanitized `auth-tls-match-cn` Annotation

A security issue was discovered in ingress-nginx https-//github.com/kubernetes/ingress-nginx where the auth-tls-match-cn Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of...

Exploit for CVE-2026-42945

ingress-nginx CVE-2026-42945 backport kit This repository doc...

CVE-2026-42945 vulnerabilities

Vulnerabilities for packages: ingress-nginx-controller...

GHSA-GCGV-V5GF-C543 vulnerabilities

Vulnerabilities for packages: ingress-nginx-controller...

CVE-2026-42945 vulnerabilities

Vulnerabilities for packages: ingress-nginx-controller-fips, ingress-nginx-controller...

GHSA-GCGV-V5GF-C543 vulnerabilities

Vulnerabilities for packages: ingress-nginx-controller-fips, ingress-nginx-controller...

CLEANSTART-2026-OB67529 Security fixes for CVE-2026-33811, CVE-2026-33814, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499 applied in versions: 1.15.1-r0

Multiple security vulnerabilities affect the ingress-nginx-controller-1.15 package. These issues are resolved in later releases. See references for individual vulnerability details...

ROS-20260429-73-0041

A vulnerability in the incoming traffic controller in a Kubernetes ingress-nginx cluster is related to insufficient input validation. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code...

ROS-20260429-73-0040

A vulnerability in the incoming traffic controller in the Kubernetes ingress-nginx cluster is related to flaws in the input validation mechanism. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

GHSA-FV83-X2XW-2J55 vulnerabilities

Vulnerabilities for packages: apko, karpenter, clickhouse-operator, grafana-operator, temporal, flux-image-automation-controller, aws-load-balancer-controller, github-mcp-server, secrets-store-csi-driver-provider-aws, grafana-rollout-operator, ingress-nginx-controller,...

K000160575: ingress-nginx vulnerability CVE-2026-24512

Security Advisory Description A security issue was discovered in ingress-nginx where the rules.http.paths.path Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessib...

SUSE CVE-2026-4342

A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note that i...

GHSA-67JX-R9PV-98RJ Traefik has Knative Ingress Rule Injection that Allows Host Restriction Bypass

Summary There is a potential vulnerability in Traefik's Kubernetes Knative, Ingress, and Ingress-NGINX providers related to rule injection. User-controlled values are interpolated into backtick-delimited Traefik router rule expressions without escaping or validation. A malicious value containing ...

CVE-2026-4342

A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note that i...

Ingress-NGINX Controller < 1.13.9 / 1.14.x < 1.14.5 / 1.15.x < 1.15.1 Configuration Injection

The version of Ingress-NGINX controller installed on the remote host is prior to 1.13.9, 1.14.5, or 1.15.1. It is, therefore, affected by a configuration injection vulnerability. A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject...

GO-2026-4796 ingress-nginx comment-based nginx configuration injection in k8s.io/ingress-nginx

ingress-nginx comment-based nginx configuration injection in k8s.io/ingress-nginx...

BIT-NGINX-INGRESS-CONTROLLER-2026-4342 ingress-nginx comment-based nginx configuration injection

A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note that i...

Exploit for CVE-2026-4342

CVE-2026-4342 Test Environment Configuration These files set...