Ingress Nginx
Approved changes feed: RSS · Atom
cpe:2.3:a:kubernetes:ingress-nginx:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Kubernetes (3ee05930-9e42-51b2-ad52-30832f573b15) |
|---|---|
| Product | Ingress Nginx (49c41bf0-d303-5318-8b27-118fe6da64a3) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/kubernetes/ingress-nginx |
purl2cpe | 2026-06-01 10:13:27.482204 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-4342 |
vulnerable | 2026-06-03 15:26:25.324274 |
ingress-nginx comment-based nginx configuration injection
HIGH (8.8)
A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
Published: 2026-03-19T21:50:17.878Z
Updated: 2026-03-21T04:01:49.391Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-3288 |
vulnerable | 2026-06-03 15:23:32.003576 |
ingress-nginx rewrite-target nginx configuration injection
HIGH (8.8)
A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/rewrite-target` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
Published: 2026-03-09T21:00:48.196Z
Updated: 2026-04-30T12:40:52.366Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-24514 |
vulnerable | 2026-06-03 15:16:52.636632 |
ingress-nginx Admission Controller denial of service
MEDIUM (6.5)
A security issue was discovered in ingress-nginx where the validating admission controller feature is subject to a denial of service condition. By sending large requests to the validating admission controller, an attacker can cause memory consumption, which may result in the ingress-nginx controller pod being killed or the node running out of memory.
Published: 2026-02-03T22:17:25.137Z
Updated: 2026-02-18T17:29:47.895Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-24513 |
vulnerable | 2026-06-03 15:16:52.636253 |
ingress-nginx auth-url protection bypass
LOW (3.1)
A security issue was discovered in ingress-nginx where the protection afforded by the `auth-url` Ingress annotation may not be effective in the presence of a specific misconfiguration.
If the ingress-nginx controller is configured with a default custom-errors configuration that includes HTTP errors 401 or 403, and if the configured default custom-errors backend is defective and fails to respect the X-Code HTTP header, then an Ingress with the `auth-url` annotation may be accessed even when authentication fails.
Note that the built-in custom-errors backend works correctly. To trigger this issue requires an administrator to specifically configure ingress-nginx with a broken external component.
Published: 2026-02-03T22:17:17.315Z
Updated: 2026-02-18T17:29:42.496Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-24512 |
vulnerable | 2026-06-03 15:16:52.635761 |
ingress-nginx auth-method nginx configuration injection
HIGH (8.8)
A security issue was discovered in ingress-nginx where the `rules.http.paths.path` Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
Published: 2026-02-03T22:17:08.989Z
Updated: 2026-03-09T21:01:16.788Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-1580 |
vulnerable | 2026-06-03 15:14:44.687193 |
ingress-nginx auth-method nginx configuration injection
HIGH (8.8)
A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/auth-method` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
Published: 2026-02-03T22:16:47.223Z
Updated: 2026-02-26T15:04:22.416Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-24514 |
vulnerable | 2026-06-03 14:59:56.230308 |
ingress-nginx controller - configuration injection via unsanitized auth-url annotation
HIGH (8.8)
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
Published: 2025-03-24T23:29:36.802Z
Updated: 2026-02-26T19:09:12.808Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-24513 |
vulnerable | 2026-06-03 14:59:56.229802 |
ingress-nginx controller - auth secret file path traversal vulnerability
MEDIUM (4.8)
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or when combined with other vulnerabilities, limited disclosure of Secret objects from the cluster.
Published: 2025-03-24T23:29:25.215Z
Updated: 2025-11-03T21:12:43.390Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-1974 |
vulnerable | 2026-06-03 14:59:06.894455 |
ingress-nginx admission controller RCE escalation
CRITICAL (9.8)
A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
Published: 2025-03-24T23:28:48.985Z
Updated: 2026-02-26T19:09:14.726Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-1098 |
vulnerable | 2026-06-03 14:58:57.809904 |
ingress-nginx controller - configuration injection via unsanitized mirror annotations
HIGH (8.8)
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `mirror-target` and `mirror-host` Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
Published: 2025-03-24T23:29:15.610Z
Updated: 2026-02-26T19:09:13.280Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-1097 |
vulnerable | 2026-06-03 14:58:57.809593 |
ingress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation
HIGH (8.8)
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
Published: 2025-03-24T23:29:05.879Z
Updated: 2026-02-26T19:09:14.028Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-15566 |
vulnerable | 2026-06-03 14:58:57.346885 |
ingress-nginx auth-proxy-set-headers nginx configuration injection
HIGH (8.8)
A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/auth-proxy-set-headers` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
Published: 2026-02-06T03:13:51.717Z
Updated: 2026-02-26T15:04:16.591Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-7646 |
vulnerable | 2026-06-03 14:58:06.606730 |
Details available
HIGH (8.8)
A security issue was discovered in ingress-nginx where an actor with permission to create Ingress objects (in the `networking.k8s.io` or `extensions` API group) can bypass annotation validation to inject arbitrary commands and obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.
Published: 2024-08-16T17:36:53.783Z
Updated: 2024-08-19T18:28:09.677Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-5044 |
vulnerable | 2026-06-03 14:53:46.835411 |
Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation
HIGH (7.6)
Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation.
Published: 2023-10-25T19:19:08.139Z
Updated: 2025-06-12T14:53:17.540Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-5043 |
vulnerable | 2026-06-03 14:53:46.834925 |
Ingress nginx annotation injection causes arbitrary command execution
HIGH (7.6)
Ingress nginx annotation injection causes arbitrary command execution.
Published: 2023-10-25T19:18:57.704Z
Updated: 2025-02-13T17:19:26.664Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-4886 |
vulnerable | 2026-06-03 14:48:42.245459 |
Ingress-nginx `path` sanitization can be bypassed with `log_format` directive
HIGH (8.8)
Ingress-nginx `path` sanitization can be bypassed with `log_format` directive.
Published: 2023-10-25T19:18:45.982Z
Updated: 2025-02-13T16:34:04.600Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-25748 |
vulnerable | 2026-06-03 14:44:05.821123 |
Ingress-nginx `path` sanitization can be bypassed with newline character
HIGH (7.6)
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the `spec.rules[].http.paths[].path` field of an Ingress object (in the `networking.k8s.io` or `extensions` API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.
Published: 2023-05-24T00:00:00.000Z
Updated: 2025-01-16T21:23:39.341Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-25746 |
vulnerable | 2026-06-03 14:44:05.820762 |
Ingress-nginx directive injection via annotations
HIGH (7.6)
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.
Published: 2022-05-06T00:50:15.541Z
Updated: 2024-09-17T03:48:11.881Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-25745 |
vulnerable | 2026-06-03 14:44:05.820356 |
Ingress-nginx path can be pointed to service account token file
HIGH (7.6)
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.
Published: 2022-05-06T00:50:14.042Z
Updated: 2024-09-16T18:24:11.711Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-25742 |
vulnerable | 2026-06-03 14:44:05.815016 |
Ingress-nginx custom snippets allows retrieval of ingress-nginx serviceaccount token and secrets across all namespaces
HIGH (7.6)
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster.
Published: 2021-10-29T04:05:10.713Z
Updated: 2024-09-16T23:06:12.392Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-8553 |
vulnerable | 2026-06-03 14:43:09.639411 |
Kubernetes ingress-nginx Compromise of auth via subset/superset namespace names
MEDIUM (5.9)
The Kubernetes ingress-nginx component prior to version 0.28.0 allows a user with the ability to create namespaces and to read and create ingress objects to overwrite the password file of another ingress which uses nginx.ingress.kubernetes.io/auth-type: basic and which has a hyphenated namespace or secret name.
Published: 2020-07-29T14:53:32.000Z
Updated: 2024-08-04T10:03:46.369Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.