{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4342", "assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565", "state": "PUBLISHED", "assignerShortName": "kubernetes", "dateReserved": "2026-03-17T15:35:59.315Z", "datePublished": "2026-03-19T21:50:17.878Z", "dateUpdated": "2026-03-21T04:01:49.391Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "ingress-nginx", "repo": "https://github.com/kubernetes/ingress-nginx", "vendor": "Kubernetes", "versions": [{"lessThan": "1.13.9", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThan": "1.14.5", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThan": "1.15.1", "status": "affected", "version": "0", "versionType": "semver"}]}], "datePublic": "2026-03-19T14:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)"}], "value": "A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)"}], "impacts": [{"capecId": "CAPEC-176", "descriptions": [{"lang": "en", "value": "CAPEC-176 Configuration/Environment Manipulation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a6081bf6-c852-4425-ad4f-a67919267565", "shortName": "kubernetes", "dateUpdated": "2026-03-19T21:50:17.878Z"}, "references": [{"url": "https://github.com/kubernetes/kubernetes/issues/137893"}], "credits": [{"lang": "en", "value": "wooseokdotkim", "type": "finder"}], "source": {"discovery": "UNKNOWN"}, "title": "ingress-nginx comment-based nginx configuration injection", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2026/03/19/9"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-03-19T22:10:03.911Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-20T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-4342"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-21T04:01:49.391Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2026/03/19/9"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-03-19T22:10:03.911Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4342", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-20T17:05:52.304343Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-20T17:05:55.340Z"}}], "cna": {"title": "ingress-nginx comment-based nginx configuration injection", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "wooseokdotkim"}], "impacts": [{"capecId": "CAPEC-176", "descriptions": [{"lang": "en", "value": "CAPEC-176 Configuration/Environment Manipulation"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/kubernetes/ingress-nginx", "vendor": "Kubernetes", "product": "ingress-nginx", "versions": [{"status": "affected", "version": "0", "lessThan": "1.13.9", "versionType": "semver"}, {"status": "affected", "version": "0", "lessThan": "1.14.5", "versionType": "semver"}, {"status": "affected", "version": "0", "lessThan": "1.15.1", "versionType": "semver"}], "defaultStatus": "affected"}], "datePublic": "2026-03-19T14:00:00.000Z", "references": [{"url": "https://github.com/kubernetes/kubernetes/issues/137893"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)", "supportingMedia": [{"type": "text/html", "value": "A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "a6081bf6-c852-4425-ad4f-a67919267565", "shortName": "kubernetes", "dateUpdated": "2026-03-19T21:50:17.878Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4342", "state": "PUBLISHED", "dateUpdated": "2026-03-21T04:01:49.391Z", "dateReserved": "2026-03-17T15:35:59.315Z", "assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565", "datePublished": "2026-03-19T21:50:17.878Z", "assignerShortName": "kubernetes"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kubernetes:ingress-nginx:*:*:*:*:*:*:*:*", "matchCriteriaId": "23B3479B-AC96-4030-B316-092C960ED35E", "versionEndExcluding": "1.13.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:kubernetes:ingress-nginx:*:*:*:*:*:*:*:*", "matchCriteriaId": "D6D03CA5-E80B-4DD0-BF44-C65F6135C764", "versionEndExcluding": "1.14.5", "versionStartIncluding": "1.14.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:kubernetes:ingress-nginx:1.15.0:*:*:*:*:*:*:*", "matchCriteriaId": "EABC32AB-164B-4982-AD54-B5D66D5989E3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)"}, {"lang": "es", "value": "Se descubri\u00f3 un problema de seguridad en ingress-nginx donde una combinaci\u00f3n de anotaciones de Ingress puede utilizarse para inyectar configuraci\u00f3n en nginx. Esto puede conducir a la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del controlador ingress-nginx, y a la divulgaci\u00f3n de Secrets accesibles para el controlador. (Tenga en cuenta que en la instalaci\u00f3n predeterminada, el controlador puede acceder a todos los Secrets a nivel de cl\u00faster.)"}], "id": "CVE-2026-4342", "lastModified": "2026-04-28T21:56:05.017", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "jordan@liggitt.net", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-19T22:16:43.143", "references": [{"source": "jordan@liggitt.net", "tags": ["Issue Tracking"], "url": "https://github.com/kubernetes/kubernetes/issues/137893"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2026/03/19/9"}], "sourceIdentifier": "jordan@liggitt.net", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "jordan@liggitt.net", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.13.9)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.14.5)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.15.1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "ingress-nginx", "source": "cna", "vendor": "Kubernetes"}, "product": "ingress-nginx", "vendor": "kubernetes"}], "analysis": {"en": {"generated_at": "2026-04-29T02:43:07.317891+00:00", "value": {"mitigation_remediation": ["Check for an available update to ingress-nginx and apply the latest patch as soon as possible.", "If an update is not yet available, remove or sanitize the vulnerable comment-based annotations from any Ingress resources that are currently in the cluster.", "Deploy an admission controller or a validating webhook that rejects Ingress objects containing suspicious annotation patterns.", "Restrict the ingress-nginx controller's permissions so it can only read the secrets it actually needs, instead of cluster\u2011wide access.", "Monitor controller logs and Kubernetes events for anomalous nginx configuration or secret disclosures."], "summary": {"action": "Patch Immediately", "impact": "Remote Code Execution and Secret Exposure"}, "threat_synthesis": {"affected_systems": "The vulnerability affects implementations of the Kubernetes ingress-nginx controller. No specific affected versions are listed in the CNA data; therefore the risk applies to any deployment that has not applied a remedy. In the default configuration the controller mounts all cluster secrets, so a successful attack can expose a wide range of sensitive data. The vendor listed is Kubernetes:ingress-nginx.", "description_and_impact": "Ingress-nginx allows a malicious attacker to embed configuration directives within comment-based annotations of Ingress resources. By crafting specific Ingress annotations, the attacker can inject arbitrary nginx configuration that is subsequently processed by the ingress-nginx controller. This injection can lead to arbitrary code execution in the controller's process space and the disclosure of Kubernetes Secrets that are accessible to the controller. The weakness is a failure of input validation (CWE\u201120) and an unspecified CWE identified by NVD as NVD-CWE-noinfo.", "risk_and_exploitability": "The CVSS score is 8.8, indicating high severity. The EPSS score is 0.00052, indicating a very low probability of exploitation, and the vulnerability is not included in the CISA KEV catalog. The likely attack vector requires the ability to create or modify Ingress resources with malicious annotations, which typically requires Kubernetes RBAC privileges to write such resources. Once injected, the controller can execute the malicious configuration. The risk is therefore significant for clusters that grant wide permission to write Ingress objects and that run the controller with full cluster\u2011wide access to secrets."}}}}, "created": "2026-03-20T08:55:27.515532+00:00", "updated": "2026-04-29T02:45:35.958162+00:00", "vendors": ["kubernetes", "kubernetes$PRODUCT$ingress-nginx"]}