CVE-2026-4342NVD

Vulnerability Summary

A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)

Severity Level

HIGH(8.8)

Published Date

Mar 19, 2026

Last Modified

May 19, 2026

Exploitation Status

????

EPSS Score (30-Day)

0.06%Probability

Root Weakness (CWE)

CWE-20: Improper Input Validation ↗

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required.

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredLow

User InteractionNone

ScopeUnchanged

ConfidentialityHigh

IntegrityHigh

AvailabilityHigh

External References

https://github.com/kubernetes/kubernetes/issues/137893
http://www.openwall.com/lists/oss-security/2026/03/19/9

Critical Alert

CVE Watchtower

CVE-2026-4342NVD

Vulnerability Summary

External References