High severity8.8NVD Advisory· Published Mar 19, 2026· Updated May 19, 2026
CVE-2026-4342
CVE-2026-4342
Description
A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
k8s.io/ingress-nginxGo | < 0.0.0-20260319175635-5183b7d86137 | 0.0.0-20260319175635-5183b7d86137 |
Affected products
4cpe:2.3:a:kubernetes:nginx_ingress_controller:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:kubernetes:nginx_ingress_controller:*:*:*:*:*:*:*:*range: <1.13.9
- cpe:2.3:a:kubernetes:nginx_ingress_controller:1.15.0:*:*:*:*:*:*:*
- ghsa-coords2 versions
< 0.0.0-20260319175635-5183b7d86137+ 1 more
- (no CPE)range: < 0.0.0-20260319175635-5183b7d86137
- (no CPE)range: < 0.0.20260326T203309-150000.1.155.2
Patches
Vulnerability mechanics
References
5- www.openwall.com/lists/oss-security/2026/03/19/9nvdMailing ListThird Party AdvisoryWEB
- github.com/advisories/GHSA-f53h-mxv9-cp98ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-4342ghsaADVISORY
- github.com/kubernetes/ingress-nginx/commit/5183b7d861377a9a2f6d2acaf44f8f6abd5cd0aaghsaWEB
- github.com/kubernetes/kubernetes/issues/137893nvdIssue TrackingWEB
News mentions
0No linked articles in our index yet.