BIT-NGINX-INGRESS-CONTROLLER-2026-3288 ingress-nginx rewrite-target nginx configuration injection

A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/rewrite-target Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible t...

Improper Validation of Specified Type of Input

Overview Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input in the auth-proxy-set-headers annotation, which allows injection of configuration into nginx. An attacker can execute arbitrary code and access sensitive information by supplying crafted...

CVE-2026-24512

Ingress-NGINX Controller vulnerability CVE-2026-24512: the rules.http.paths.path Ingress field can inject configuration into nginx, enabling arbitrary code execution and access to controller-scoped Secrets. Affected versions include k8s.io/ingress-nginx before 1.13.7 and 1.14.x before 1.14.3; rem...

CVE-2025-1097

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the auth-tls-match-cn Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of...