Critical Code Execution Vulnerability in ingress-nginx Threatens Kubernetes Clusters
A severe security flaw (CVE-2026-24512) has been identified in ingress-nginx, a widely used Kubernetes ingress controller, enabling authenticated attackers to execute arbitrary code and access sensitive cluster secrets. The vulnerability stems from improper handling of the rules.http.paths.path field in Ingress resources, allowing malicious configuration injection into the underlying NGINX web server.
Exploitation requires only low-level privileges and no user interaction, with the attack vector accessible remotely over a network. In default configurations, the ingress-nginx controller has permissions to read all Secrets across a Kubernetes cluster, amplifying the potential impact. Successful exploitation could grant attackers full control over affected systems.
Affected Versions & Mitigation
The vulnerability impacts:
- ingress-nginx < v1.13.7 (fixed in v1.13.7+)
- ingress-nginx < v1.14.3 (fixed in v1.14.3+)
The Kubernetes Security Response Committee urges administrators to upgrade immediately to patched versions. For environments where upgrades are delayed, a validating admission controller can be deployed to block Ingress resources using the ImplementationSpecific path type as a temporary workaround.
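One way to implement the temporary workaround described above, as an added example that is not part of the original advisory or the ingress-nginx project: a Kubernetes ValidatingAdmissionPolicy (admissionregistration.k8s.io/v1, assumed to be enabled on the cluster) whose CEL rule rejects any Ingress created or updated with a path of pathType ImplementationSpecific. The policy and binding names are assumptions.

```yaml
# Added example (not from the advisory): block Ingress objects that use
# pathType: ImplementationSpecific until ingress-nginx is upgraded.
# Assumes ValidatingAdmissionPolicy (admissionregistration.k8s.io/v1) is available.
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingAdmissionPolicy
metadata:
  name: deny-implementationspecific-ingress-paths   # assumed name
spec:
  failurePolicy: Fail          # if the rule cannot be evaluated, refuse the request
  matchConstraints:
    resourceRules:
      - apiGroups:   ["networking.k8s.io"]
        apiVersions: ["v1"]
        operations:  ["CREATE", "UPDATE"]
        resources:   ["ingresses"]
  validations:
    # spec.rules and rule.http are optional, so guard them with has() before
    # walking every path; any path with pathType ImplementationSpecific fails.
    - expression: >-
        !has(object.spec.rules) ||
        object.spec.rules.all(r,
          !has(r.http) ||
          r.http.paths.all(p, p.pathType != 'ImplementationSpecific'))
      message: "Ingress paths with pathType ImplementationSpecific are blocked pending the ingress-nginx upgrade (CVE-2026-24512 workaround)."
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingAdmissionPolicyBinding
metadata:
  name: deny-implementationspecific-ingress-paths-binding   # assumed name
spec:
  policyName: deny-implementationspecific-ingress-paths
  validationActions: ["Deny"]   # reject rather than only audit or warn
```

Apply both objects with kubectl apply; an Ingress that still needs ImplementationSpecific semantics will be rejected with the message above, which is the intended effect of the workaround.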
Detection & Response
Organizations can locate ingress-nginx controller pods across all namespaces with the following command, then compare each pod's image version against the fixed releases listed above:
kubectl get pods --all-namespaces --selector app.kubernetes.io/name=ingress-nginx
Signs of exploitation may include malformed data in rules.http.paths.path fields. If compromised, administrators should contact the Kubernetes security team at security@kubernetes.io.
Long-Term Considerations
The Kubernetes project has announced the end of maintenance for ingress-nginx, prompting organizations to evaluate alternative ingress solutions for sustained security.
Source: https://cybersecuritynews.com/ingress-nginx-vulnerability/