Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now

ingress-nginx — Vulnerabilities & Security Advisories 17

All 17 CVE vulnerabilities found in ingress-nginx, with AI-generated Chinese analysis, references, and POCs.

Vendor: Kubernetes

CVE IDTitleCVSSSeverityPaused
CVE-2026-4342 ingress-nginx comment-based nginx configuration injection CWE-20 8.8 High2026-03-19
CVE-2026-3288 ingress-nginx rewrite-target nginx configuration injection CWE-20 8.8 High2026-03-09
CVE-2025-15566 ingress-nginx auth-proxy-set-headers nginx configuration injection CWE-20 8.8 High2026-02-06
CVE-2026-24514 ingress-nginx Admission Controller denial of service CWE-770 6.5 Medium2026-02-03
CVE-2026-24513 ingress-nginx auth-url protection bypass CWE-754 3.1 Low2026-02-03
CVE-2026-24512 ingress-nginx auth-method nginx configuration injection CWE-20 8.8 High2026-02-03
CVE-2026-1580 ingress-nginx auth-method nginx configuration injection CWE-20 8.8 High2026-02-03
CVE-2025-24514 ingress-nginx controller - configuration injection via unsanitized auth-url annotation CWE-20 8.8 High2025-03-24
CVE-2025-24513 ingress-nginx controller - auth secret file path traversal vulnerability CWE-20 4.8 Medium2025-03-24
CVE-2025-1098 ingress-nginx controller - configuration injection via unsanitized mirror annotations CWE-20 8.8 High2025-03-24
CVE-2025-1097 ingress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation CWE-20 8.8 High2025-03-24
CVE-2025-1974 ingress-nginx admission controller RCE escalation CWE-653 9.8 Critical2025-03-24
CVE-2024-7646 Ingress NGINX Controller 安全漏洞 CWE-20 8.8 High2024-08-16
CVE-2023-5044 Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation CWE-20 7.6 High2023-10-25
CVE-2023-5043 Ingress nginx annotation injection causes arbitrary command execution CWE-20 7.6 High2023-10-25
CVE-2022-4886 Ingress-nginx `path` sanitization can be bypassed with `log_format` directive CWE-20 8.8 High2023-10-25
CVE-2020-8553 Kubernetes ingress-nginx Compromise of auth via subset/superset namespace names CWE-73 5.9 Medium2020-07-29

All 17 known CVE vulnerabilities affecting ingress-nginx with full Chinese analysis, references, and POCs where available.