F5 Nginx_ingress_controller
11 CVEs affecting F5 Nginx_ingress_controller. Latest disclosed: 2026-05-13. Critical: 0, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-14727 | High | 8.3 | 2025-12-17 | A vulnerability exists in NGINX Ingress Controller's nginx.org/rewrite-target annotation validation. Note: Software versions which have reached End of Techn… |
CVE-2026-42945 | High | 8.1 | 2026-05-13 | NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed b… |
CVE-2023-44487 | High | 7.5 | 2023-10-10 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the w… |
CVE-2022-41742 | High | 7.1 | 2022-10-19 | NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and… |
CVE-2022-41743 | High | 7.0 | 2022-10-19 | NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_hls_module that might allow a local attacker to corrupt NGINX worker m… |
CVE-2022-41741 | High | 7.0 | 2022-10-19 | NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and… |
CVE-2026-42946 | Medium | 6.5 | 2026-05-13 | A vulnerability exists in the ngx_http_scgi_module and ngx_http_uwsgi_module modules that may result in excessive memory allocation or an over-read of data. Wh… |
CVE-2022-30535 | Medium | 6.5 | 2022-08-04 | In versions 2.x before 2.3.0 and all versions of 1.x, An attacker authorized to create or update ingress objects can obtain the secrets available to the NGINX… |
CVE-2021-23055 | Medium | 6.5 | 2022-04-21 | On version 2.x before 2.0.3 and 1.x before 1.12.3, the command line restriction that controls snippet use with NGINX Ingress Controller does not apply to Ingre… |
CVE-2026-1642 | Medium | 5.9 | 2026-02-04 | A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-m… |
CVE-2024-10318 | Medium | 5.4 | 2024-11-06 | A session fixation issue was discovered in the NGINX OpenID Connect reference implementation, where a nonce was not checked at login time. This flaw allows an… |