CNNVD-202602-198 Information

CNNVD ID

CNNVD-202602-198

CVE-2026-24512

  • CNNVD Published: 2026-02-03

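Description (translated from Chinese)

Kubernetes ingress-nginx is an open-source ingress controller for Kubernetes from the Cloud Native Computing Foundation that uses NGINX as a reverse proxy and load balancer. Kubernetes ingress-nginx contains a security vulnerability: the rules.http.paths.path Ingress field can be used to inject configuration into nginx, which may lead to arbitrary code execution in the ingress-nginx controller environment and disclosure of Secrets.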

Description (English)

Kubernetes ingress-nginx is the ingress controller for Kubernetes, open-sourced by the Cloud Native Computing Foundation, which uses NGINX as the reverse proxy and load balancer. A security vulnerability exists in Kubernetes ingress-nginx: the rules.http.paths.path Ingress field can be used to inject nginx configuration, which may lead to arbitrary code execution and leaking of Secrets in the ingress-nginx controller environment.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Cloud Native Computing Foundation

Published

2026-02-03

Last Modified

2026-02-24

References

https://github.com/kubernetes/kubernetes/issues/136678

Patch

https://github.com/kubernetes/ingress-nginx/releases
