CNNVD-202602-201 Information
CNNVD ID
CNNVD-202602-201
Related CVE
- CNNVD Published: 2026-02-03
Description (Chinese)
Kubernetes ingress-nginx是云原生计算基金会(Cloud Native Computing Foundation)开源的Kubernetes 的入口控制器,使用NGINX作为反向代理和负载均衡器。 Kubernetes ingress-nginx存在安全漏洞,该漏洞源于nginx.ingress.kubernetes.io/auth-method注释可用于向nginx注入配置,可能导致在ingress-nginx控制器环境中执行任意代码并泄露控制器可访问的密钥。
Description (English)
Kubernetes ingress-nginx is the entry control for Kubernetes, an open source of the Cloud Nature Computer Foundation, using NGINX as the reverse agent and load balancer. There is a security loophole in Kubernetes ingress-nginx, which originates from nginx.ingress.kubernetes.io/auth-method notes that can be used to infuse nginx configurations, which may lead to the implementation of any code in the ingress-nginx controller environment and the disclosure of key accessable by the controller.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
云原生计算基金会
Published
2026-02-03
Last Modified
2026-02-24
References
https://github.com/kubernetes/kubernetes/issues/136677
Patch
https://github.com/kubernetes/ingress-nginx/releases
Share on: