wid-sec-w-2026-0801
·
Published 2026-03-19
·
View on BSI CERT-Bund ↗
Kubernetes (ingress-nginx): Vulnerability allows Ausführen from beliebigem Programmcode and die Offenlegung from Informationen
CVSS 8.8
HIGH
Risk Summary
A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
CVEs (1)
Affected Vendors
Open Source
Affected Products (6)
Open Source
·
Kubernetes
ingress-nginx <1.13.9
Open Source
·
Kubernetes
ingress-nginx 1.13.9
Open Source
·
Kubernetes
ingress-nginx <1.14.5
Open Source
·
Kubernetes
ingress-nginx 1.14.5
Open Source
·
Kubernetes
ingress-nginx <1.15.1
Open Source
·
Kubernetes
ingress-nginx 1.15.1
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more