Kubernetes Ingress-Nginx vulnerabilities
20 known vulnerabilities affecting kubernetes/ingress-nginx.
Total CVEs: 20
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: HIGH 14, MEDIUM 5, LOW 1
Vulnerabilities
ID | priority | severity | CVSS | CWE | PoC | versions | date
CVE-2025-1098 | P2 | HIGH | CVSS 8.8 | CWE-20 | PoC | ≤ 1.11.4; v1.12.0 | 2025-03-25
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `mirror-target` and `mirror-host` Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller.
Source: NVD
CVE-2025-1097 | P2 | HIGH | CVSS 8.8 | CWE-20 | PoC | ≤ 1.11.4; v1.12.0 | 2025-03-25
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the defa
Source: NVD
CVE-2025-24514 | P2 | HIGH | CVSS 8.8 | CWE-20 | PoC | ≤ 1.11.4; v1.12.0 | 2025-03-25
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default ins
Source: NVD
CVE-2024-7646 | P2 | HIGH | CVSS 8.8 | CWE-20 | ≥ 1.11.0, < 1.11.2; fixed in 1.10.4 | 2024-08-16
A security issue was discovered in ingress-nginx where an actor with permission to create Ingress objects (in the `networking.k8s.io` or `extensions` API group) can bypass annotation validation to inject arbitrary commands and obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.
Source: NVD
CVE-2023-5044 | P2 | HIGH | CVSS 8.8 | CWE-20 | fixed in 1.9.0 | 2023-10-25
Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation.
Source: NVD
CVE-2026-3288 | P2 | HIGH | CVSS 8.8 | CWE-20 | fixed in 1.13.8; ≥ 1.14.0, < 1.14.4; +2 more | 2026-03-09
A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/rewrite-target` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation,
Source: NVD
CVE-2023-5043 | P2 | HIGH | CVSS 8.8 | CWE-20 | fixed in 1.9.0 | 2023-10-25
Ingress nginx annotation injection causes arbitrary command execution.
Source: NVD
CVE-2026-4342 | P3 | HIGH | CVSS 8.8 | CWE-20 | fixed in 1.13.9; fixed in 1.14.5; +1 more | 2026-03-19
A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all
Source: NVD
CVE-2026-24512 | P3 | HIGH | CVSS 8.8 | CWE-20 | fixed in 1.13.7; fixed in 1.14.3 | 2026-02-03
A security issue was discovered in ingress-nginx where the `rules.http.paths.path` Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can acce
Source: NVD
CVE-2026-1580 | P3 | HIGH | CVSS 8.8 | CWE-20 | fixed in 1.13.7; fixed in 1.14.3 | 2026-02-03
A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/auth-method` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, th
Source: NVD
CVE-2025-15566 | P3 | HIGH | CVSS 8.8 | CWE-20 | fixed in 1.12.5; fixed in 1.13.1 | 2026-02-06
A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/auth-proxy-set-headers` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default ins
Source: NVD
CVE-2021-25745 | P3 | HIGH | CVSS 8.1 | CWE-20 | fixed in 1.2.0 | 2022-05-06
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.
Source: NVD
CVE-2021-25746 | P3 | HIGH | CVSS 7.1 | CWE-20 | fixed in 1.2.0 | 2022-05-06
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.
Source: NVD
CVE-2021-25748 | P3 | MEDIUM | CVSS 6.5 | CWE-20 | fixed in 1.2.1 | 2023-05-24
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the `spec.rules[].http.paths[].path` field of an Ingress object (in the `networking.k8s.io` or `extensions` API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.
Source: NVD
CVE-2021-25742 | P3 | HIGH | CVSS 7.1 | CWE-20 | fixed in 0.49.1; v1.0.0 | 2021-10-29
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster.
Source: NVD
CVE-2026-24514 | P3 | MEDIUM | CVSS 6.5 | CWE-770 | fixed in 1.13.7; fixed in 1.14.3 | 2026-02-03
A security issue was discovered in ingress-nginx where the validating admission controller feature is subject to a denial of service condition. By sending large requests to the validating admission controller, an attacker can cause memory consumption, which may result in the ingress-nginx controller pod being killed or the node running out of memory.
Source: NVD
CVE-2022-4886 | P4 | MEDIUM | CVSS 6.5 | CWE-20 | fixed in 1.8.0 | 2023-10-25
Ingress-nginx `path` sanitization can be bypassed with `log_format` directive.
Source: NVD
CVE-2020-8553 | P4 | MEDIUM | CVSS 5.9 | CWE-73 | fixed in 0.28.0; ≥ unspecified, < 0.28.0 | 2020-07-29
The Kubernetes ingress-nginx component prior to version 0.28.0 allows a user with the ability to create namespaces and to read and create ingress objects to overwrite the password file of another ingress which uses nginx.ingress.kubernetes.io/auth-type: basic and which has a hyphenated namespace or secret name.
Source: NVD
CVE-2025-24513 | P4 | MEDIUM | CVSS 4.8 | CWE-20 | ≤ 1.11.4; v1.12.0 | 2025-03-25
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or when combined with other vulnerabilities, limited disclo
Source: NVD
CVE-2026-24513 | P4 | LOW | CVSS 3.1 | CWE-754 | fixed in 1.13.7; fixed in 1.14.3 | 2026-02-03
A security issue was discovered in ingress-nginx where the protection afforded by the `auth-url` Ingress annotation may not be effective in the presence of a specific misconfiguration.
If the ingress-nginx controller is configured with a default custom-errors configuration that includes HTTP errors 401 or 403, and if the configured default custom-erro
Source: NVD