Five critical security vulnerabilities impacting the Ingress NGINX Controller for Kubernetes were discovered. The vulnerabilities may allow an unauthorized attacker to execute arbitrary code within the Ingress NGINX Controller’s pod. The vulnerabilities are collectively called IngressNightmare. The CVEs are: CVE-2025-24513 CVE-2025-24514: auth-url Annotation Injection Vulnerability CVE-2025-1097: auth-tls-match-cn Annotation Injection Vulnerability CVE-2025-1098: mirror UID Injection Vulnerability … Continue reading “Ingress NGINX Controller Multiple Critical Vulnerabilities (IngressNightmare)”
