Kubernetes Nginx Ingress Controller — known CVE vulnerabilities
Every CVE whose affected-product data names Kubernetes Nginx Ingress Controller, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2026-4342 — CVSS 8.8 (high): A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx…
CVE-2018-1002104 — CVSS 5.3 (medium): Versions < 1.5 of the Kubernetes ingress default backend, which handles invalid ingress traffic, exposed prometheus metrics publicly.