4 matches found
CVE-2026-4342
A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note that i...
PT-2026-24119
Name of the Vulnerable Software and Affected Versions ingress-nginx versions prior to 1.13.7 ingress-nginx versions prior to 1.14.3 Description A security issue exists due to insufficient input validation when processing Ingress resource annotations. An attacker can use the...
BIT-NGINX-INGRESS-CONTROLLER-2026-1580 ingress-nginx auth-method nginx configuration injection
A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-method Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to t...
Improper Input Validation
Overview Affected versions of this package are vulnerable to Improper Input Validation through the auth-url annotation which can be used to inject configuration into nginx. Remediation Upgrade k8s.io/ingress-nginx/internal/ingress/annotations/auth to version 1.11.5, 1.12.1, 4.11.5, 4.12.1 or...