Kubernetes

Ingress-nginx

21 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2026-4342

  • EPSS 0.03%
  • Veröffentlicht 19.03.2026 21:50:17
  • Zuletzt bearbeitet 20.03.2026 13:37:50

A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Se...

8.8

CVE-2026-3288

  • EPSS 0.05%
  • Veröffentlicht 09.03.2026 21:16:20
  • Zuletzt bearbeitet 11.03.2026 13:53:47

A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/rewrite-target` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx c...

8.8

CVE-2025-15566

  • EPSS 0.04%
  • Veröffentlicht 06.02.2026 03:13:51
  • Zuletzt bearbeitet 06.02.2026 15:14:47

A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/auth-proxy-set-headers` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress...

6.5

CVE-2026-24514

  • EPSS 0.02%
  • Veröffentlicht 03.02.2026 22:17:25
  • Zuletzt bearbeitet 04.02.2026 16:33:44

A security issue was discovered in ingress-nginx where the validating admission controller feature is subject to a denial of service condition. By sending large requests to the validating admission controller, an attacker can cause memory consumption...

3.1

CVE-2026-24513

  • EPSS 0.01%
  • Veröffentlicht 03.02.2026 22:17:17
  • Zuletzt bearbeitet 04.02.2026 16:33:44

A security issue was discovered in ingress-nginx where the protection afforded by the `auth-url` Ingress annotation may not be effective in the presence of a specific misconfiguration. If the ingress-nginx controller is configured with a default cus...

8.8

CVE-2026-24512

  • EPSS 0.07%
  • Veröffentlicht 03.02.2026 22:17:08
  • Zuletzt bearbeitet 09.03.2026 21:16:14

A security issue was discovered in ingress-nginx where the `rules.http.paths.path` Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure ...

8.8

CVE-2026-1580

  • EPSS 0.04%
  • Veröffentlicht 03.02.2026 22:16:47
  • Zuletzt bearbeitet 04.02.2026 16:33:44

A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/auth-method` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx cont...

8.8

CVE-2025-24514

Warnung Medienbericht
  • EPSS 23%
  • Veröffentlicht 24.03.2025 23:29:36
  • Zuletzt bearbeitet 04.02.2026 20:16:03

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ing...

4.8

CVE-2025-24513

Warnung
  • EPSS 0.07%
  • Veröffentlicht 24.03.2025 23:29:25
  • Zuletzt bearbeitet 03.11.2025 22:18:40

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the cont...

8.8

CVE-2025-1098

Warnung Medienbericht
  • EPSS 49.85%
  • Veröffentlicht 24.03.2025 23:29:15
  • Zuletzt bearbeitet 04.02.2026 20:16:02

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `mirror-target` and `mirror-host` Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code e...