ingress-nginx Arbitrary Code Execution Vulnerability via Auth-Proxy-Set-Headers Annotation

Vulnerability

A vulnerability in ingress-nginx allows the `nginx.ingress.kubernetes.io/auth-proxy-set-headers` Ingress annotation to inject configuration into nginx. This injection can result in arbitrary code execution within the ingress-nginx controller and the unauthorized disclosure of Secrets accessible to the controller. By default, the controller has access to all Secrets across the cluster.

Impact

Exploitation of this vulnerability could lead to arbitrary code execution in the context of the ingress-nginx controller and the disclosure of cluster-wide Secrets accessible to the controller.

Remediation

Users are advised to upgrade ingress-nginx to version 1.12.5, 1.13.1, or any later version. For upgrade instructions, refer to the official documentation on upgrading ingress-nginx.
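As an added example, not part of this advisory or of ingress-nginx itself, the following Python check does the two things a defender wants here: it enumerates Ingress objects that carry the `nginx.ingress.kubernetes.io/auth-proxy-set-headers` annotation in `kubectl get ingress -A -o json` output, and it decides whether a controller image tag is at or past the fixed releases (1.12.5, 1.13.1, or later). The sample Ingress JSON and the ConfigMap reference value in it are constructed.

```python
import json
import re

# Fixed releases named in the advisory: 1.12.5, 1.13.1, or any later version.
# Maps the 1.x minor branch to the first patch release on that branch with the fix.
FIXED_PATCH = {12: 5, 13: 1}
ANNOTATION = "nginx.ingress.kubernetes.io/auth-proxy-set-headers"


def parse_version(tag):
    """Turn an image tag such as 'v1.12.4' or '1.13.1' into (major, minor, patch)."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", tag)
    if not m:
        raise ValueError(f"unrecognised version tag: {tag}")
    return tuple(int(x) for x in m.groups())


def is_fixed_version(tag):
    """True if a controller running this version contains the fix."""
    major, minor, patch = parse_version(tag)
    if (major, minor) < (1, 12):
        return False                      # branches before 1.12 never received the fix
    if major > 1 or minor > 13:
        return True                       # "any later version"
    return patch >= FIXED_PATCH[minor]    # 1.12.x needs >= .5, 1.13.x needs >= .1


def find_auth_proxy_set_headers(ingress_list):
    """Return (namespace, name, value) for every Ingress carrying the annotation."""
    hits = []
    for item in ingress_list.get("items", []):
        meta = item.get("metadata", {})
        value = (meta.get("annotations") or {}).get(ANNOTATION)
        if value is not None:
            hits.append((meta.get("namespace"), meta.get("name"), value))
    return hits


# Constructed sample in the shape of `kubectl get ingress -A -o json` output.
SAMPLE = json.loads("""{"items": [
 {"metadata": {"namespace": "shop", "name": "web",
   "annotations": {"nginx.ingress.kubernetes.io/auth-proxy-set-headers": "shop/auth-headers"}}},
 {"metadata": {"namespace": "shop", "name": "api", "annotations": {}}},
 {"metadata": {"namespace": "blog", "name": "site"}}
]}""")

if __name__ == "__main__":
    for tag in ("v1.12.4", "v1.12.5", "v1.13.0", "v1.13.1", "v1.14.0"):
        print(tag, "fixed" if is_fixed_version(tag) else "VULNERABLE")
    for ns, name, value in find_auth_proxy_set_headers(SAMPLE):
        print(f"{ns}/{name} uses {ANNOTATION} = {value!r}")
```

Any Ingress the check reports should be reviewed before the upgrade, since the annotation is the injection vector on unfixed controllers.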

Added: Feb 6, 2026, 4:22 AM
Updated: Feb 6, 2026, 4:22 AM

Vulnerability Rating

Custom Algorithm

category        score
spread          6.4
impact          7.5
exploitability  5.4
remediation     7.7
relevance       2.6
threat          0.0
urgency         2.9
incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.