Kubernetes Ingress-nginx
17 CVEs affecting Kubernetes Ingress-nginx. Latest disclosed: 2026-03-19. Critical: 1, High: 12.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-1974 | Critical | 9.8 | 2025-03-24 | A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary… |
| CVE-2026-4342 | High | 8.8 | 2026-03-19 | A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to ar… |
| CVE-2026-3288 | High | 8.8 | 2026-03-09 | A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/rewrite-target` Ingress annotation can be used to inject configuration… |
| CVE-2025-15566 | High | 8.8 | 2026-02-06 | A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/auth-proxy-set-headers` Ingress annotation can be used to inject config… |
| CVE-2026-24512 | High | 8.8 | 2026-02-03 | A security issue was discovered in ingress-nginx where the `rules.http.paths.path` Ingress field can be used to inject configuration into nginx. This can lead… |
| CVE-2026-1580 | High | 8.8 | 2026-02-03 | A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/auth-method` Ingress annotation can be used to inject configuration int… |
| CVE-2025-24514 | High | 8.8 | 2025-03-24 | A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingress annotation can be used to inject co… |
| CVE-2025-1098 | High | 8.8 | 2025-03-24 | A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `mirror-target` and `mirror-host` Ingress annotations… |
| CVE-2025-1097 | High | 8.8 | 2025-03-24 | A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to… |
| CVE-2024-7646 | High | 8.8 | 2024-08-16 | A security issue was discovered in ingress-nginx where an actor with permission to create Ingress objects (in the `networking.k8s.io` or `extensions` API group… |
| CVE-2022-4886 | High | 8.8 | 2023-10-25 | Ingress-nginx `path` sanitization can be bypassed with `log_format` directive. |
| CVE-2023-5044 | High | 7.6 | 2023-10-25 | Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation. |
| CVE-2023-5043 | High | 7.6 | 2023-10-25 | Ingress nginx annotation injection causes arbitrary command execution. |
| CVE-2026-24514 | Medium | 6.5 | 2026-02-03 | A security issue was discovered in ingress-nginx where the validating admission controller feature is subject to a denial of service condition. By sending larg… |
| CVE-2020-8553 | Medium | 5.9 | 2020-07-29 | The Kubernetes ingress-nginx component prior to version 0.28.0 allows a user with the ability to create namespaces and to read and create ingress objects to ov… |
| CVE-2025-24513 | Medium | 4.8 | 2025-03-24 | A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where attacker-provided data are included in a filename by the i… |
| CVE-2026-24513 | Low | 3.1 | 2026-02-03 | A security issue was discovered in ingress-nginx where the protection afforded by the `auth-url` Ingress annotation may not be effective in the presence of a s… |