76 matches found
GHSA-GCGV-V5GF-C543 vulnerabilities
Vulnerabilities for packages: ingress-nginx-controller...
CVE-2026-42945 vulnerabilities
Vulnerabilities for packages: ingress-nginx-controller...
GHSA-GCGV-V5GF-C543 vulnerabilities
Vulnerabilities for packages: ingress-nginx-controller, ingress-nginx-controller-fips...
CLEANSTART-2026-OB67529 Security fixes for CVE-2026-33811, CVE-2026-33814, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499 applied in versions: 1.15.1-r0
Multiple security vulnerabilities affect the ingress-nginx-controller-1.15 package. These issues are resolved in later releases. See references for individual vulnerability details...
GHSA-FV83-X2XW-2J55 vulnerabilities
Vulnerabilities for packages: hubble, stakater-reloader, flux-image-reflector-controller, temporal, external-secrets-operator, nfs-subdir-external-provisioner, secrets-store-csi-driver-provider-aws, flux-source-controller, metacontroller, nova, dgraph, spire-server, dataplaneapi,...
Ingress-NGINX Controller < 1.13.9 / 1.14.x < 1.14.5 / 1.15.x < 1.15.1 Configuration Injection
The version of Ingress-NGINX controller installed on the remote host is prior to 1.13.9, 1.14.5, or 1.15.1. It is, therefore, affected by a configuration injection vulnerability. A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject...
GHSA-84XH-PWC6-7G4G vulnerabilities
Vulnerabilities for packages: ingress-nginx-controller...
CVE-2025-23419 vulnerabilities
Vulnerabilities for packages: ingress-nginx-controller...
CVE-2025-23419 vulnerabilities
Vulnerabilities for packages: ingress-nginx-controller, ingress-nginx-controller-fips...
GHSA-84XH-PWC6-7G4G vulnerabilities
Vulnerabilities for packages: ingress-nginx-controller, ingress-nginx-controller-fips...
Ingress-NGINX Controller < 1.13.7 / 1.14.x < 1.14.3 Multiple Vulnerabilities
The version of Ingress-NGINX controller installed on the remote host is prior to 1.13.7 or 1.14.3. It is, therefore, affected by multiple vulnerabilities: - A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-method Ingress annotation can be used to inject...
CLEANSTART-2026-OJ41940 net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines
Multiple security vulnerabilities affect the ingress-nginx-controller package. The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. See references for individual vulnerability details...
Ingress-nginx admission controller RCE escalation (CVE-2025-1974)
A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. Note...
Ingress-Nginx Admission Controller RCE Escalation
A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. Note...
About Remote Code Execution โ Kubernetes (CVE-2025-1974) vulnerability
About Remote Code Execution - Kubernetes CVE-2025-1974 vulnerability. An unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. In the default...
Vulnerabilities fixed in Kubernetes Ingress NGINX Controller
Kubernetes has fixed a number of vulnerabilities in the Ingress NGINX Controller. These vulnerabilities allow malicious actors to perform unauthenticated remote code execution RCE. The vulnerabilities are located in the ingress-nginx controller. These vulnerabilities include a critical remote cod...
Remote code execution vulnerability in Ingress NGINX Controller (CNVD-2025-05883)
Ingress NGINX Controller is an open source portal controller that uses NGINX as a reverse proxy and load balancer. Ingress NGINX Controller suffers from a remote code execution vulnerability that can be exploited by an attacker to gain access to sensitive data such as credentials and keys across...
Remote Code Execution Vulnerability in Ingress NGINX Controller (CNVD-2025-05885)
Ingress NGINX Controller is an open source portal controller that uses NGINX as a reverse proxy and load balancer. Ingress NGINX Controller suffers from a remote code execution vulnerability that stems from the mirror-target and mirror-host Ingress annotations can be used to inject arbitrary...
Remote code execution vulnerability in Ingress NGINX Controller (CNVD-2025-05884)
Ingress NGINX Controller is an open source portal controller that uses NGINX as a reverse proxy and load balancer. Ingress NGINX Controller suffers from a remote code execution vulnerability that can be exploited by an attacker to gain access to sensitive data such as credentials and keys across...
Remote Code Execution Vulnerability in Ingress NGINX Controller (CNVD-2025-05886)
Ingress NGINX Controller is an open source portal controller that uses NGINX as a reverse proxy and load balancer. Ingress NGINX Controller suffers from a remote code execution vulnerability that stems from auth-tls-match-cn Ingress annotations can be used to inject configurations, which could le...