VIR Vulnerability Intelligence Relay

Package impact

golang Go / k8s.io/ingress-nginx

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-4342 high 8.8 8.8 3mo ago ingress-nginx comment-based nginx configuration injection in k8s.io/ingress-nginx
CVE-2021-25745 high 8.0 4y ago Improper Input Validation in k8s.io/ingress-nginx
CVE-2025-1098 unknown 1.0 1y ago ingress-nginx controller - configuration injection via unsanitized mirror annotations in k8s.io/ingress-nginx
CVE-2025-1097 unknown 1.0 1y ago ngress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation in k8s.io/ingress-nginx
CVE-2025-1974 unknown 1.0 1y ago ingress-nginx admission controller RCE escalation in k8s.io/ingress-nginx
CVE-2025-24514 unknown 1.0 1y ago ingress-nginx controller - configuration injection via unsanitized auth-url annotation in k8s.io/ingress-nginx
CVE-2026-1580 unknown 4mo ago ingress-nginx's `nginx.ingress.kubernetes.io/auth-method` Ingress annotation can be used to inject configuration into nginx in k8s.io/ingress-nginx
CVE-2026-24513 unknown 4mo ago ingress-nginx has Improper Check for Unusual or Exceptional Conditions in k8s.io/ingress-nginx
CVE-2026-24512 unknown 4mo ago ingress-nginx's `rules.http.paths.path` Ingress field can be used to inject configuration into nginx in k8s.io/ingress-nginx
CVE-2026-24514 unknown 4mo ago ingress-nginx vulnerable to Allocation of Resources Without Limits or Throttling in k8s.io/ingress-nginx
CVE-2025-24513 unknown 1y ago ingress-nginx controller - auth secret file path traversal vulnerability in k8s.io/ingress-nginx
CVE-2023-5044 unknown 3y ago Ingress-nginx code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation in k8s.io/ingress-nginx
CVE-2023-5043 unknown 3y ago Ingress nginx annotation injection causes arbitrary command execution
CVE-2022-4886 unknown 3y ago Ingress-nginx path sanitization can be bypassed
CVE-2021-25748 unknown 3y ago Ingress-nginx `path` sanitization can be bypassed with newline character
CVE-2020-8553 unknown 4y ago ingress-nginx component for Kubernetes allows file overwrite
CVE-2018-1002104 unknown 4y ago Kubernetes ingress exposes sensitive information