CVE-2026-4342
Analyzed Analyzed - Analysis Complete
Ingress-NGINX Annotation Injection Enables Remote Code Execution

Publication date: 2026-03-19

Last updated on: 2026-05-19

Assigner: Kubernetes

Description
A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-19
Last Modified
2026-05-19
Generated
2026-06-16
AI Q&A
2026-03-20
EPSS Evaluated
2026-06-14
NVD
CVE-2026-4342
EUVD
EUVD-2026-13343
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
kubernetes nginx_ingress_controller to 1.13.9 (exc)
kubernetes nginx_ingress_controller From 1.14.0 (inc) to 1.14.5 (exc)
kubernetes nginx_ingress_controller 1.15.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in ingress-nginx where certain combinations of Ingress annotations allow an attacker to inject configuration into nginx.

This injection can lead to arbitrary code execution within the ingress-nginx controller.

Additionally, it can cause disclosure of Secrets that the controller has access to, which by default includes all Secrets cluster-wide.

Impact Analysis

The vulnerability can allow an attacker to execute arbitrary code in the context of the ingress-nginx controller.

It can also lead to unauthorized disclosure of sensitive Secrets accessible to the controller.

Since the controller can access all Secrets cluster-wide by default, this could compromise sensitive data and control over the cluster.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-4342. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart