Kubernetes Ingress-NGINX Controller Arbitrary Code Execution Vulnerability

Vulnerability

A vulnerability in Kubernetes allows an unauthenticated attacker with access to the pod network to execute arbitrary code within the ingress-nginx controller. This issue could result in the unauthorized disclosure of Secrets that the controller can access. In a default installation, the controller has access to all Secrets across the cluster.

Impact

Exploitation of this vulnerability could lead to arbitrary code execution in the ingress-nginx controller, allowing for the unauthorized access and disclosure of cluster-wide Secrets.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

7.3

impact

7.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

1.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.3

impact

7.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

1.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Kubernetes Ingress-NGINX Controller Arbitrary Code Execution Vulnerability

Vulnerability

Impact

Affected Products

Kubernetes

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating