K8S.Io Ingress-Nginx vulnerabilities

17 known vulnerabilities affecting k8s.io/ingress-nginx.

Total CVEs: 17
CISA KEV: 0
Public exploits: 4
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 10, MEDIUM 5, LOW 1

Vulnerabilities

CVE-2026-4342 | HIGH | Affected: ≥ 0, < 0.0.0-20260319175635-5183b7d86137 | Published: 2026-03-20
CWE-20: ingress-nginx comment-based nginx configuration injection
A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all
CVE-2026-1580 | HIGH | Affected: ≥ 0, < 1.13.7; ≥ 1.14.0, < 1.14.3 | Published: 2026-02-04
CWE-20: ingress-nginx's `nginx.ingress.kubernetes.io/auth-method` Ingress annotation can be used to inject configuration into nginx
A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/auth-method` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the contex
CVE-2026-24512 | HIGH | Affected: ≥ 0, < 1.13.7; ≥ 1.14.0, < 1.14.3 | Published: 2026-02-04
CWE-20: ingress-nginx's `rules.http.paths.path` Ingress field can be used to inject configuration into nginx
A security issue was discovered in ingress-nginx. The `rules.http.paths.path` Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible
CVE-2026-24514 | MEDIUM | Affected: ≥ 0, < 1.13.7; ≥ 1.14.0, < 1.14.3 | Published: 2026-02-04
CWE-770: ingress-nginx vulnerable to Allocation of Resources Without Limits or Throttling
A security issue was discovered in ingress-nginx where the validating admission controller feature is subject to a denial of service condition. By sending large requests to the validating admission controller, an attacker can cause memory consumption, which may result in the ingress-nginx controller pod
CVE-2026-24513 | LOW | Affected: ≥ 0, < 1.13.7; ≥ 1.14.0, < 1.14.3 | Published: 2026-02-04
CWE-754: ingress-nginx has Improper Check for Unusual or Exceptional Conditions
A security issue was discovered in ingress-nginx where the protection afforded by the `auth-url` Ingress annotation may not be effective in the presence of a specific misconfiguration. If the ingress-nginx controller is configured with a default custom-errors configuration that includes HTTP errors 401 or 403, and if the conf
CVE-2025-1974 | CRITICAL | PoC available | Affected: ≥ 0, < 1.11.5; ≥ 1.12.0-beta.0, < 1.12.1 | Published: 2025-03-25
CWE-653: ingress-nginx admission controller RCE escalation
A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secre
CVE-2025-24514 | HIGH | PoC available | Affected: ≥ 0, < 1.11.5; ≥ 1.12.0-beta.0, < 1.12.1 | Published: 2025-03-25
CWE-15: ingress-nginx controller - configuration injection via unsanitized auth-url annotation
A security issue was discovered in [ingress-nginx](https://github.com/kubernetes/ingress-nginx) where the `auth-url` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secr
CVE-2025-1097 | HIGH | PoC available | Affected: ≥ 0, < 1.11.5; ≥ 1.12.0-beta.0, < 1.12.1 | Published: 2025-03-25
CWE-15: ingress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation
A security issue was discovered in [ingress-nginx](https://github.com/kubernetes/ingress-nginx) where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller
CVE-2025-1098 | HIGH | PoC available | Affected: ≥ 0, < 1.11.5; ≥ 1.12.0-beta.0, < 1.12.1 | Published: 2025-03-25
CWE-15: ingress-nginx controller - configuration injection via unsanitized mirror annotations
A security issue was discovered in [ingress-nginx](https://github.com/kubernetes/ingress-nginx) where the `mirror-target` and `mirror-host` Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx con
CVE-2025-24513 | MEDIUM | Affected: ≥ 0, < 1.11.5; ≥ 1.12.0-beta.0, < 1.12.1 | Published: 2025-03-25
CWE-20: ingress-nginx controller - auth secret file path traversal vulnerability
A security issue was discovered in [ingress-nginx](https://github.com/kubernetes/ingress-nginx) where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or when combined with ot
CVE-2023-5044 | HIGH | Affected: ≥ 0, < 1.9.0 | Published: 2023-10-25
CWE-20: Ingress-nginx code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation
A security issue was identified in [ingress-nginx](https://github.com/kubernetes/ingress-nginx) where the nginx.ingress.kubernetes.io/permanent-redirect annotation on an Ingress object (in the networking.k8s.io or extensions API group) can be used to inject arbitrary commands, and obtain
CVE-2023-5043 | HIGH | CVSS 8.8 | Affected: ≥ 0, < 1.9.0 | Published: 2023-10-25
CWE-20: Ingress nginx annotation injection causes arbitrary command execution
A security issue was identified in ingress-nginx where the nginx.ingress.kubernetes.io/configuration-snippet annotation on an Ingress object (in the networking.k8s.io or extensions API group) can be used to inject arbitrary commands, and obtain the credentials of the ingress-nginx controller. In the default conf
CVE-2022-4886 | HIGH | Affected: ≥ 0, < 1.8.0 | Published: 2023-10-25
CWE-20: Ingress-nginx path sanitization can be bypassed
Ingress-nginx `path` sanitization can be bypassed with the `log_format` directive.
CVE-2021-25748 | MEDIUM | Affected: ≥ 0, < 1.2.1 | Published: 2023-05-24
CWE-20: Ingress-nginx `path` sanitization can be bypassed with newline character
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the `spec.rules[].http.paths[].path` field of an Ingress object (in the `networking.k8s.io` or `extensions` API group) to obtain the credentials of the ingress-
CVE-2020-8553 | MEDIUM | Affected: ≥ 0, < 0.28.0 | Published: 2022-05-24
CWE-610: ingress-nginx component for Kubernetes allows file overwrite
The Kubernetes ingress-nginx component prior to version 0.28.0 allows a user with the ability to create namespaces and to read and create ingress objects to overwrite the password file of another ingress which uses nginx.ingress.kubernetes.io/auth-type: basic and which has a hyphenated namespace or secret name.
CVE-2018-1002104 | MEDIUM | Affected: ≥ 0, < 1.5 | Published: 2022-05-24
CWE-20: Kubernetes ingress exposes sensitive information
Versions < 1.5 of the Kubernetes ingress default backend, which handles invalid ingress traffic, exposed prometheus metrics publicly.
CVE-2021-25745 | HIGH | Affected: ≥ 0, < 1.2.0 | Published: 2022-05-07
CWE-20: Improper Input Validation in k8s.io/ingress-nginx
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster