CNNVD-202602-1072 Information
CNNVD ID
CNNVD-202602-1072
Related CVE
- CNNVD Published: 2026-02-06
Description (English)
Kubernetes ingress-nginx is an open-source ingress controller for Kubernetes from the Cloud Native Computing Foundation that uses NGINX as a reverse proxy and load balancer. Kubernetes ingress-nginx contains a security vulnerability: the nginx.ingress.kubernetes.io/auth-proxy-set-headers Ingress annotation can be used to inject configuration into nginx, which may lead to arbitrary code execution in the context of the ingress-nginx controller and disclosure of Secrets accessible to the controller.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Cloud Native Computing Foundation
Published
2026-02-06
Last Modified
2026-02-24
References
https://github.com/kubernetes/kubernetes/issues/136789
Patch
https://github.com/kubernetes/ingress-nginx/releases