CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description
A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
Analysis
A configuration injection vulnerability in Kubernetes ingress-nginx controller allows authenticated attackers to inject arbitrary nginx configuration through specially crafted Ingress annotations, leading to remote code execution with controller privileges and exposure of all cluster Secrets. The vulnerability has a high CVSS score of 8.8 and affects the ingress-nginx controller's annotation parsing mechanism. …
Remediation
Within 24 hours: Audit all ingress-nginx instances and document their current versions and Secret access permissions; disable or restrict untrusted users' ability to create or modify Ingress objects. Within 7 days: Implement network segmentation to limit ingress-nginx controller exposure; implement annotation validation or admission controllers to block suspicious annotation patterns. …
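One way to implement the annotation validation mentioned above, as an added example that is not part of the original advisory or the ingress-nginx project: the decision logic of a validating admission webhook that denies Ingress objects whose ingress-nginx annotation values contain characters with structural meaning in nginx configuration. The default annotation prefix, the character set and the sample requests are assumptions made for this sketch; the advisory does not name the affected annotations, so the check is a conservative heuristic that can also flag legitimate values.

```python
import re

# Assumption: the controller uses the default annotation prefix.
ANNOTATION_PREFIX = "nginx.ingress.kubernetes.io/"
# Assumption: line breaks, ';', '{' and '}' end or open nginx directives and
# blocks, so any annotation value containing them is treated as suspicious.
SUSPICIOUS = re.compile(r"[\r\n;{}]")


def suspicious_annotations(ingress: dict) -> list[str]:
    """Return the ingress-nginx annotation keys whose values look unsafe."""
    annotations = (ingress.get("metadata") or {}).get("annotations") or {}
    return sorted(
        key for key, value in annotations.items()
        if key.startswith(ANNOTATION_PREFIX) and SUSPICIOUS.search(str(value))
    )


def review(admission_review: dict) -> dict:
    """Build the AdmissionReview response for an Ingress CREATE or UPDATE."""
    request = admission_review["request"]
    flagged = suspicious_annotations(request.get("object") or {})
    response = {"uid": request["uid"], "allowed": not flagged}
    if flagged:
        response["status"] = {
            "code": 403,
            "message": "rejected annotation value(s): " + ", ".join(flagged),
        }
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
            "response": response}


def _sample(uid: str, annotations: dict) -> dict:
    """Constructed AdmissionReview request for a hypothetical Ingress 'demo'."""
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
            "request": {"uid": uid, "operation": "CREATE",
                        "object": {"kind": "Ingress", "metadata": {
                            "name": "demo", "annotations": annotations}}}}


# Constructed inputs: one ordinary value, one containing ';' and a line break.
CLEAN = _sample("uid-1", {ANNOTATION_PREFIX + "rewrite-target": "/$1"})
ODD = _sample("uid-2", {ANNOTATION_PREFIX + "rewrite-target": "/demo;\n",
                        "example.com/owner": "team;a"})

if __name__ == "__main__":
    for req in (CLEAN, ODD):
        print(review(req)["response"])
```

Annotations outside the controller's prefix are ignored, which is why the constructed `example.com/owner` value does not trigger a denial.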
EUVD-2026-13343
GHSA-f53h-mxv9-cp98