Kubernetes Ingress-nginx — known CVE vulnerabilities
Every CVE whose affected-product data names Kubernetes Ingress-nginx, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2026-3288 — CVSS 8.8 (high): A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/rewrite-target` Ingress annotation can be used to…
CVE-2021-25745 — CVSS 7.6 (high): A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules[].http.paths[…
CVE-2021-25746 — CVSS 7.6 (high): A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an…
CVE-2021-25748 — CVSS 7.6 (high): A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to…
CVE-2021-25742 — CVSS 7.6 (high): A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature…
CVE-2020-8553 — CVSS 5.9 (medium): The Kubernetes ingress-nginx component prior to version 0.28.0 allows a user with the ability to create namespaces and to read and create…