Kubernetes Ingress Nginx
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Kubernetes Ingress Nginx.
By the Year
In 2025 there have been 0 vulnerabilities in Kubernetes Ingress Nginx. Ingress Nginx did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 4 | 7.65 |
| 2022 | 2 | 7.60 |
| 2021 | 1 | 7.10 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Ingress Nginx vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Kubernetes Ingress Nginx Security Vulnerabilities
Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation.
CVE-2023-5044
8.8 - High
- October 25, 2023
Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation.
Code Injection
Ingress nginx annotation injection causes arbitrary command execution.
CVE-2023-5043
8.8 - High
- October 25, 2023
Ingress nginx annotation injection causes arbitrary command execution.
Injection
Ingress-nginx `path` sanitization
CVE-2022-4886
6.5 - Medium
- October 25, 2023
Ingress-nginx `path` sanitization can be bypassed with `log_format` directive.
A security issue was discovered in ingress-nginx where a user
CVE-2021-25748
6.5 - Medium
- May 24, 2023
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the `spec.rules[].http.paths[].path` field of an Ingress object (in the `networking.k8s.io` or `extensions` API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.
A security issue was discovered in ingress-nginx where a user
CVE-2021-25746
7.1 - High
- May 06, 2022
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.
Improper Input Validation
A security issue was discovered in ingress-nginx where a user
CVE-2021-25745
8.1 - High
- May 06, 2022
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.
Improper Input Validation
A security issue was discovered in ingress-nginx where a user
CVE-2021-25742
7.1 - High
- October 29, 2021
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for NetApp Trident or by Kubernetes? Click the Watch button to subscribe.
