CVE-2026-3288
Published 2026-03-09
Priority P2 · 64 · high · 8.8 · CVSS 3.1
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS 6.67% (93.1th percentile)
A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/rewrite-target` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| kubernetes | ingress-nginx | < 1.14.4 | 1.14.4 |
| kubernetes | ingress-nginx | < 1.15.0 | 1.15.0 |
| kubernetes | ingress-nginx | < 1.13.8 | 1.13.8 |
| kubernetes | ingress-nginx | >= 1.14.0 < 1.14.4 | 1.14.4 |
Detection & IOCs
- Monitor Ingress resources for use of the `nginx.ingress.kubernetes.io/rewrite-target` annotation with suspicious or unexpected values that may inject nginx configuration directives.
- In the default ingress-nginx installation, the controller has cluster-wide access to all Secrets, significantly expanding the blast radius of successful exploitation.
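One way to run the monitoring check described above, as an added example (not code from this page or from the ingress-nginx project): it audits Ingress objects, in the JSON shape returned by `kubectl get ingress -A -o json`, for `rewrite-target` values that are not plain paths. The allowlist pattern, the reason labels and the sample objects are assumptions constructed for illustration.

```python
import re

ANNOTATION = "nginx.ingress.kubernetes.io/rewrite-target"

# Assumed local policy (not the upstream fix): a rewrite target is a plain URI
# path, optionally with capture-group references such as $1.
ALLOWED = re.compile(r"/[A-Za-z0-9._~/%$-]*")
# Characters with structural meaning in nginx configuration syntax.
NGINX_SYNTAX = {";": "semicolon", "{": "open brace", "}": "close brace",
                '"': "double quote", "'": "single quote", "#": "comment marker"}


def classify(value):
    """Return the reasons a value is unexpected; an empty list means it passes."""
    reasons = []
    if any(ch.isspace() for ch in value):
        reasons.append("whitespace or line break")
    reasons += [name for ch, name in NGINX_SYNTAX.items() if ch in value]
    if not reasons and not ALLOWED.fullmatch(value):
        reasons.append("outside path allowlist")
    return reasons


def audit(ingress_list):
    """Return (namespace, name, value, reasons) for each Ingress that fails."""
    findings = []
    for item in ingress_list.get("items", []):
        meta = item.get("metadata", {})
        value = (meta.get("annotations") or {}).get(ANNOTATION)
        if value is None:
            continue
        reasons = classify(value)
        if reasons:
            findings.append((meta.get("namespace"), meta.get("name"), value, reasons))
    return findings


# Constructed sample in the shape of `kubectl get ingress -A -o json` output.
SAMPLE = {"items": [
    {"metadata": {"namespace": "team-a", "name": "web",
                  "annotations": {ANNOTATION: "/$1"}}},
    {"metadata": {"namespace": "team-b", "name": "api", "annotations": None}},
    {"metadata": {"namespace": "team-c", "name": "odd",
                  "annotations": {ANNOTATION: "/$1 ;{constructed-not-a-path}"}}},
    {"metadata": {"namespace": "team-d", "name": "rel",
                  "annotations": {ANNOTATION: "static/$1"}}},
]}

if __name__ == "__main__":
    for ns, name, value, reasons in audit(SAMPLE):
        print(f"{ns}/{name}: {value!r} -> {', '.join(reasons)}")
```

A finding means the value needs review, not that it is malicious; the allowlist is deliberately narrower than what the annotation accepts.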
No detection rules found.
No public exploits indexed.
Wiz
CVE-2026-24512 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-24512 :
Ingress NGINX Controller (community-driven) vulnerability analysis and mitigation
rules.http.paths.path
Source : NVD
## 8.8
Score
Published February 3, 2026
Severity HIGH
CNA Score 8.8
High-profile Vulnerability Yes
Affected Technologies
Ingress NGINX Controller (community-driven)
MinimOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 20.8
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
ingress-nginx-controller-1.14
k8s.io/ingress-nginx
Sources
GoLang Severity HIGH Has Fix Added at: Feb 08, 2026
MinimOS Severity HIGH Has Fix Added at: Feb 08, 2026
Linux Severity HIGH Has Fix Added at: Feb 03, 2026
Windows Severity HIGH Has Fix Added
Wiz
CVE-2026-3288 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-3288 :
Ingress NGINX Controller (community-driven) vulnerability analysis and mitigation
nginx.ingress.kubernetes.io/rewrite-target
Source : NVD
## 8.8
Score
Published March 9, 2026
Severity HIGH
CNA Score 8.8
Affected Technologies
Ingress NGINX Controller (community-driven)
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 13.9
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:kubernetes:ingress-nginx
Sources
Linux Severity HIGH Has Fix Added at: Mar 10, 2026
Windows Severity HIGH Has Fix Added at: Mar 10, 2026
Wiz
CVE-2025-15566 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-15566 :
Ingress NGINX Controller (community-driven) vulnerability analysis and mitigation
nginx.ingress.kubernetes.io/auth-proxy-set-headers
Source : NVD
## 8.8
Score
Published February 6, 2026
Severity HIGH
CNA Score 8.8
Affected Technologies
Ingress NGINX Controller (community-driven)
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 13.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:kubernetes:ingress-nginx
Sources
NVD
Linux Severity HIGH Has Fix Added at: Feb 08, 2026
Windows Severity HIGH Has Fix Added at: Feb 08, 2026
Wiz
CVE-2026-24513 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-24513 :
Ingress NGINX Controller (community-driven) vulnerability analysis and mitigation
auth-url
auth-url
Note that the built-in custom-errors backend works correctly. To trigger this issue requires an administrator to specifically configure ingress-nginx with a broken external component.
Source : NVD
## 3.1
Score
Published February 3, 2026
Severity LOW
CNA Score 3.1
High-profile Vulnerability Yes
Affected Technologies
Ingress NGINX Controller (community-driven)
MinimOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 2.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:kubernetes:ingress-nginx
k8s.io/ingress-nginx
Sources
GoLang Seve
Wiz
CVE-2026-24514 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-24514 :
Ingress NGINX Controller (community-driven) vulnerability analysis and mitigation
A security issue was discovered in ingress-nginx where the validating admission controller feature is subject to a denial of service condition. By sending large requests to the validating admission controller, an attacker can cause memory consumption, which may result in the ingress-nginx controller pod being killed or the node running out of memory.
Source : NVD
## 6.5
Score
Published February 3, 2026
Severity MEDIUM
CNA Score 6.5
High-profile Vulnerability Yes
Affected Technologies
Ingress NGINX Controller (community-driven)
MinimOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS)
Wiz
CVE-2026-4342 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-4342 :
Ingress NGINX Controller (community-driven) vulnerability analysis and mitigation
A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
Source : NVD
## 8.8
Score
Published March 19, 2026
Severity HIGH
CNA Score 8.8
Affected Technologies
Ingress NGINX Controller (community-driven)
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 11.3
Exploitation Pr
Wiz
CVE-2026-1580 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-1580 :
Ingress NGINX Controller (community-driven) vulnerability analysis and mitigation
nginx.ingress.kubernetes.io/auth-method
Source : NVD
## 8.8
Score
Published February 3, 2026
Severity HIGH
CNA Score 8.8
High-profile Vulnerability Yes
Affected Technologies
Ingress NGINX Controller (community-driven)
MinimOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 13.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:kubernetes:ingress-nginx
k8s.io/ingress-nginx
Sources
GoLang Severity HIGH Has Fix Added at: Feb 08, 2026
MinimOS Severity HIGH Has Fix Added at: Feb 08, 2026
Linux Severity HIGH Has Fix Added at: Feb 03, 2026
Windows Severit