Ingress-nginx

This hub aggregates every CVE we track for Ingress-nginx, a product in the cloud saas space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Ingress-nginx.

• CVE-2026-4342ingress-nginx comment-based nginx configuration injection8.8Mar 19, 2026
• CVE-2026-3288ingress-nginx rewrite-target nginx configuration injection8.8Mar 9, 2026
• CVE-2025-15566ingress-nginx auth-proxy-set-headers nginx configuration injection8.8Feb 6, 2026
• CVE-2026-24514ingress-nginx Admission Controller denial of service6.5Feb 3, 2026
• CVE-2026-24513ingress-nginx auth-url protection bypass3.1Feb 3, 2026
• CVE-2026-24512ingress-nginx auth-method nginx configuration injection8.8Feb 3, 2026
• CVE-2026-1580ingress-nginx auth-method nginx configuration injection8.8Feb 3, 2026
• CVE-2025-24514ingress-nginx controller - configuration injection via unsanitized auth-url annotation8.8Mar 24, 2025
• CVE-2025-24513ingress-nginx controller - auth secret file path traversal vulnerability4.8Mar 24, 2025
• CVE-2025-1098ingress-nginx controller - configuration injection via unsanitized mirror annotations8.8Mar 24, 2025
• CVE-2025-1097ingress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation8.8Mar 24, 2025
• CVE-2025-1974ingress-nginx admission controller RCE escalation9.8Mar 24, 2025
• CVE-2024-7646A security issue was discovered in ingress-nginx where an actor with permission to create Ingress objects (in the `networking.k8s.io` or `extensions` API group) can bypass annotation validation to ...8.8Aug 16, 2024
• CVE-2023-5044Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation7.6Oct 25, 2023
• CVE-2023-5043Ingress nginx annotation injection causes arbitrary command execution7.6Oct 25, 2023