CNNVD-202602-197 Information

CNNVD ID

CNNVD-202602-197

Related CVE

CVE-2026-24513

• CNNVD Published: 2026-02-03

Description (Chinese)

Kubernetes ingress-nginx是云原生计算基金会（Cloud Native Computing Foundation）开源的Kubernetes 的入口控制器，使用NGINX作为反向代理和负载均衡器。 Kubernetes ingress-nginx存在安全漏洞，该漏洞源于auth-url Ingress注释的保护在特定配置错误情况下可能无效，可能导致身份验证失败时仍可访问Ingress。

Description (English)

Kubernetes ingress-nginx is the entry control for Kubernetes, an open source of the Cloud Nature Computer Foundation, using NGINX as the reverse agent and load balancer. There is a security loophole in Kubernetes ingress-nginx, which stems from the fact that the protection of the mouth-url Ingress Note may not be effective in a given configuration error and may still be accessible if authentication fails.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

云原生计算基金会

Published

2026-02-03

Last Modified

2026-02-24

References

https://github.com/kubernetes/kubernetes/issues/136679

Patch

https://github.com/kubernetes/ingress-nginx/releases