CVE-2026-24512 — Vulnetix

CVE-2026-24512 PUBLISHED

A security issue was discovered in ingress-nginx cthe `rules.http.paths.path` Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)

EPSS 0.08% · 23.4th percentile

Risk Scores

EPSS Score

0.08%

23.4th percentile

Affected Products

Vendor	Product	Versions
Bitnami	nginx-ingress-controller	0, 1.14.0
Bitnami	nginx-ingress-controller	0, 1.14.0

Timeline

Feb 2, 2026 PoC Published
Feb 3, 2026 PoC Published
Feb 3, 2026 PoC Published
Feb 3, 2026 PoC Published
Feb 3, 2026 CVE Published
Feb 3, 2026 PoC Published
Feb 3, 2026 PoC Published
Feb 4, 2026 EPSS Score
Feb 4, 2026 PoC Published
Feb 4, 2026 PoC Published
Feb 4, 2026 PoC Published
Feb 4, 2026 PoC Published

References

https://github.com/kubernetes/kubernetes/issues/136678 url
https://nvd.nist.gov/vuln/detail/CVE-2026-24512 url

Open in Interactive Console →