pkg:Go/k8s.io/ingress-nginx

All known vulnerabilities

• CRITICAL9.8CVE-2025-1974ingress-nginx admission controller RCE escalation in k8s.io/ingress-nginx
  from 0, < 1.11.5
• CRITICAL9.8CVE-2025-1974ingress-nginx admission controller RCE escalation in k8s.io/ingress-nginx
  from 0
• HIGH8.8CVE-2026-4342ingress-nginx comment-based nginx configuration injection in k8s.io/ingress-nginx
  from 0, < 0.0.0-20260319175635-5183b7d86137
• HIGH8.8CVE-2026-4342ingress-nginx comment-based nginx configuration injection in k8s.io/ingress-nginx
  from 0, < 0.0.0-20260319175635-5183b7d86137
• HIGH8.8CVE-2026-1580ingress-nginx's `nginx.ingress.kubernetes.io/auth-method` Ingress annotation can be used to inject configuration into nginx in k8s.io/ingress-nginx
  from 0, < 1.13.7
• HIGH8.8CVE-2026-24512ingress-nginx's `rules.http.paths.path` Ingress field can be used to inject configuration into nginx in k8s.io/ingress-nginx
  from 0, < 1.13.7
• HIGH8.8CVE-2026-1580ingress-nginx's `nginx.ingress.kubernetes.io/auth-method` Ingress annotation can be used to inject configuration into nginx in k8s.io/ingress-nginx
  from 0
• HIGH8.8CVE-2026-24512ingress-nginx's `rules.http.paths.path` Ingress field can be used to inject configuration into nginx in k8s.io/ingress-nginx
  from 0
• HIGH8.8CVE-2025-1098ingress-nginx controller - configuration injection via unsanitized mirror annotations in k8s.io/ingress-nginx
  from 0
• HIGH8.8CVE-2025-1097ngress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation in k8s.io/ingress-nginx
  from 0, < 1.11.5
• HIGH8.8CVE-2025-24514ingress-nginx controller - configuration injection via unsanitized auth-url annotation in k8s.io/ingress-nginx
  from 0, < 1.11.5
• HIGH8.8CVE-2025-1098ingress-nginx controller - configuration injection via unsanitized mirror annotations in k8s.io/ingress-nginx
  from 0, < 1.11.5
• HIGH8.8CVE-2025-24514ingress-nginx controller - configuration injection via unsanitized auth-url annotation in k8s.io/ingress-nginx
  from 0
• HIGH8.8CVE-2025-1097ngress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation in k8s.io/ingress-nginx
  from 0
• HIGH8.8CVE-2022-4886Ingress-nginx path sanitization can be bypassed
  from 0, < 1.8.0
• HIGH8.1CVE-2021-25745Improper Input Validation in k8s.io/ingress-nginx
  from 0, < 1.2.0
• HIGH7.6CVE-2023-5044Ingress-nginx code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation in k8s.io/ingress-nginx
  from 0
• HIGH7.6CVE-2023-5043Ingress nginx annotation injection causes arbitrary command execution
  from 0, < 1.9.0
• HIGH7.6CVE-2023-5044Ingress-nginx code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation in k8s.io/ingress-nginx
  from 0, < 1.9.0
• MEDIUM6.5CVE-2026-24514ingress-nginx vulnerable to Allocation of Resources Without Limits or Throttling in k8s.io/ingress-nginx
  from 0, < 1.13.7
• MEDIUM6.5CVE-2026-24514ingress-nginx vulnerable to Allocation of Resources Without Limits or Throttling in k8s.io/ingress-nginx
  from 0
• MEDIUM6.5CVE-2021-25748Ingress-nginx `path` sanitization can be bypassed with newline character
  from 0, < 1.2.1
• MEDIUM5.9CVE-2020-8553ingress-nginx component for Kubernetes allows file overwrite
  from 0, < 0.28.0
• MEDIUM5.3CVE-2018-1002104Kubernetes ingress exposes sensitive information
  from 0, < 1.5
• MEDIUM4.8CVE-2025-24513ingress-nginx controller - auth secret file path traversal vulnerability in k8s.io/ingress-nginx
  from 0, < 1.11.5
• MEDIUM4.8CVE-2025-24513ingress-nginx controller - auth secret file path traversal vulnerability in k8s.io/ingress-nginx
  from 0
• LOW3.1CVE-2026-24513ingress-nginx has Improper Check for Unusual or Exceptional Conditions in k8s.io/ingress-nginx
  from 0
• LOW3.1CVE-2026-24513ingress-nginx has Improper Check for Unusual or Exceptional Conditions in k8s.io/ingress-nginx
  from 0, < 1.13.7