{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24512", "assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565", "state": "PUBLISHED", "assignerShortName": "kubernetes", "dateReserved": "2026-01-23T06:54:35.912Z", "datePublished": "2026-02-03T22:17:08.989Z", "dateUpdated": "2026-03-09T21:01:16.788Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "ingress-nginx", "repo": "https://github.com/kubernetes/ingress-nginx", "vendor": "Kubernetes", "versions": [{"lessThan": "1.13.7", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThan": "1.14.3", "status": "affected", "version": "0", "versionType": "semver"}]}], "datePublic": "2026-02-02T14:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A security issue was discovered in ingress-nginx where the `rules.http.paths.path` Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)"}], "value": "A security issue was discovered in ingress-nginx where the `rules.http.paths.path` Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)"}], "impacts": [{"capecId": "CAPEC-176", "descriptions": [{"lang": "en", "value": "CAPEC-176 Configuration/Environment Manipulation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a6081bf6-c852-4425-ad4f-a67919267565", "shortName": "kubernetes", "dateUpdated": "2026-03-09T21:01:16.788Z"}, "references": [{"url": "https://github.com/kubernetes/kubernetes/issues/136678"}], "credits": [{"lang": "en", "value": "Maxime Escourbiac and Yassine Bengana (Michelin CERT)", "type": "finder"}], "source": {"discovery": "UNKNOWN"}, "title": "ingress-nginx auth-method nginx configuration injection", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24512", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-05T04:55:13.926861Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T15:04:22.072Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24512", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-05T04:55:13.926861Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-04T19:54:37.655Z"}}], "cna": {"title": "ingress-nginx auth-method nginx configuration injection", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Maxime Escourbiac and Yassine Bengana (Michelin CERT)"}], "impacts": [{"capecId": "CAPEC-176", "descriptions": [{"lang": "en", "value": "CAPEC-176 Configuration/Environment Manipulation"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/kubernetes/ingress-nginx", "vendor": "Kubernetes", "product": "ingress-nginx", "versions": [{"status": "affected", "version": "0", "lessThan": "1.13.7", "versionType": "semver"}, {"status": "affected", "version": "0", "lessThan": "1.14.3", "versionType": "semver"}], "defaultStatus": "affected"}], "datePublic": "2026-02-02T14:00:00.000Z", "references": [{"url": "https://github.com/kubernetes/kubernetes/issues/136678"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "A security issue was discovered in ingress-nginx where the `rules.http.paths.path` Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)", "supportingMedia": [{"type": "text/html", "value": "A security issue was discovered in ingress-nginx where the `rules.http.paths.path` Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "a6081bf6-c852-4425-ad4f-a67919267565", "shortName": "kubernetes", "dateUpdated": "2026-03-09T21:01:16.788Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24512", "state": "PUBLISHED", "dateUpdated": "2026-03-09T21:01:16.788Z", "dateReserved": "2026-01-23T06:54:35.912Z", "assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565", "datePublished": "2026-02-03T22:17:08.989Z", "assignerShortName": "kubernetes"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A security issue was discovered in ingress-nginx where the `rules.http.paths.path` Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)"}, {"lang": "es", "value": "Se descubri\u00f3 un problema de seguridad en ingress-nginx. El campo Ingress 'rules.http.paths.path' puede usarse para inyectar configuraci\u00f3n en nginx. Esto puede llevar a la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del controlador ingress-nginx, y a la divulgaci\u00f3n de Secrets accesibles para el controlador. (Tenga en cuenta que, en la instalaci\u00f3n predeterminada, el controlador puede acceder a todos los Secrets en todo el cl\u00faster.)"}], "id": "CVE-2026-24512", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "jordan@liggitt.net", "type": "Secondary"}]}, "published": "2026-02-03T23:16:06.990", "references": [{"source": "jordan@liggitt.net", "url": "https://github.com/kubernetes/kubernetes/issues/136678"}], "sourceIdentifier": "jordan@liggitt.net", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "jordan@liggitt.net", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-16T17:26:09.884279+00:00", "value": {"mitigation_remediation": ["Update ingress-nginx to the latest patched release that removes the path injection vulnerability", "If an upgrade cannot be performed immediately, restrict creation of Ingress objects to trusted users and enforce strict role\u2011based access control", "Reconfigure the controller\u2019s RBAC to limit its read access to Secrets only to the namespaces it actually serves"], "summary": {"action": "Patch Immediately", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The vulnerability affects installations of the ingress-nginx controller for Kubernetes. Specific affected versions are not listed, so any version of the controller that has not yet applied the fix is potentially impacted. The default configuration permits the controller to access every Secret cluster\u2011wide, increasing the risk.", "description_and_impact": "Ingress-nginx contains a flaw that allows an attacker to inject configuration directives into nginx by manipulating the path field of an Ingress resource. This vulnerability can lead to arbitrary code execution within the ingress-nginx controller and the disclosure of Secrets the controller can read, which in a default installation includes all cluster Secrets.", "risk_and_exploitability": "With a CVSS score of 8.8, the vulnerability is considered high severity. Its EPSS score is less than 1%, indicating a very low probability of public exploitation at present. The vulnerability is not in the CISA KEV catalog. Exploitation would require the ability to create or modify an Ingress object with a crafted path field; the attack vector is likely internal to the cluster and dependent on role\u2011based access controls that allow users to create Ingress resources."}}}}, "created": "2026-02-04T12:05:18.162764+00:00", "updated": "2026-04-16T17:30:26.013182+00:00", "vendors": ["kubernetes", "kubernetes$PRODUCT$ingress-nginx"]}