CVE-2026-4342
- EPSS 1.49%
- Veröffentlicht 19.03.2026 21:50:17
- Zuletzt bearbeitet 19.05.2026 22:16:49
A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Se...
CVE-2026-3288
- EPSS 6.67%
- Veröffentlicht 09.03.2026 21:16:20
- Zuletzt bearbeitet 06.05.2026 17:51:14
A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/rewrite-target` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx c...
CVE-2025-15566
- EPSS 0.47%
- Veröffentlicht 06.02.2026 03:13:51
- Zuletzt bearbeitet 15.04.2026 00:35:42
A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/auth-proxy-set-headers` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress...
CVE-2026-24514
- EPSS 0.46%
- Veröffentlicht 03.02.2026 22:17:25
- Zuletzt bearbeitet 15.04.2026 00:35:42
A security issue was discovered in ingress-nginx where the validating admission controller feature is subject to a denial of service condition. By sending large requests to the validating admission controller, an attacker can cause memory consumption...
CVE-2026-24513
- EPSS 0.28%
- Veröffentlicht 03.02.2026 22:17:17
- Zuletzt bearbeitet 15.04.2026 00:35:42
A security issue was discovered in ingress-nginx where the protection afforded by the `auth-url` Ingress annotation may not be effective in the presence of a specific misconfiguration. If the ingress-nginx controller is configured with a default cus...
CVE-2026-24512
- EPSS 0.5%
- Veröffentlicht 03.02.2026 22:17:08
- Zuletzt bearbeitet 15.04.2026 00:35:42
A security issue was discovered in ingress-nginx where the `rules.http.paths.path` Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure ...
CVE-2026-1580
- EPSS 0.49%
- Veröffentlicht 03.02.2026 22:16:47
- Zuletzt bearbeitet 15.04.2026 00:35:42
A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/auth-method` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx cont...
CVE-2025-24514
- EPSS 31.81%
- Veröffentlicht 24.03.2025 23:29:36
- Zuletzt bearbeitet 15.04.2026 00:35:42
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ing...
CVE-2025-24513
- EPSS 3.52%
- Veröffentlicht 24.03.2025 23:29:25
- Zuletzt bearbeitet 15.04.2026 00:35:42
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the cont...
CVE-2025-1098
- EPSS 83.07%
- Veröffentlicht 24.03.2025 23:29:15
- Zuletzt bearbeitet 15.04.2026 00:35:42
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `mirror-target` and `mirror-host` Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code e...