K8s.io/ingress-nginx

This hub aggregates every CVE we track for K8s.io/ingress-nginx, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting K8s.io/ingress-nginx.

• CVE-2026-24514ingress-nginx Admission Controller denial of service6.5Feb 3, 2026
• CVE-2026-24513ingress-nginx auth-url protection bypass3.1Feb 3, 2026
• CVE-2026-24512ingress-nginx auth-method nginx configuration injection8.8Feb 3, 2026
• CVE-2026-1580ingress-nginx auth-method nginx configuration injection8.8Feb 3, 2026
• CVE-2025-24514ingress-nginx controller - configuration injection via unsanitized auth-url annotation8.8Mar 24, 2025
• CVE-2025-24513ingress-nginx controller - auth secret file path traversal vulnerability4.8Mar 24, 2025
• CVE-2025-1098ingress-nginx controller - configuration injection via unsanitized mirror annotations8.8Mar 24, 2025
• CVE-2025-1097ingress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation8.8Mar 24, 2025
• CVE-2025-1974ingress-nginx admission controller RCE escalation9.8Mar 24, 2025
• CVE-2023-5044Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation7.6Oct 25, 2023
• CVE-2023-5043Ingress nginx annotation injection causes arbitrary command execution7.6Oct 25, 2023
• CVE-2022-4886Ingress-nginx `path` sanitization can be bypassed with `log_format` directive8.8Oct 25, 2023
• CVE-2021-25748Ingress-nginx `path` sanitization can be bypassed with newline character7.6May 24, 2023
• CVE-2021-25745Ingress-nginx path can be pointed to service account token file7.6May 6, 2022
• CVE-2020-8553Kubernetes ingress-nginx Compromise of auth via subset/superset namespace names5.9Jul 29, 2020