CVE-2026-1580 Unknown

CVE-2026-1580

SUSE Released: March 05, 2026 Updated: March 05, 2026 Restart Required

Description

CVE-2026-1580 A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/auth-method` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

Fixed Vulnerabilities 1

CVE-2026-1580 N/A 0.0 ⚠️ KEV fixed

Feb 03, 2026

A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/auth-method` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code…

Quick Info

Patch ID: CVE-2026-1580

Vendor: SUSE

Severity: Unknown

CVEs Fixed: 1

Restart: Required

Vendor

SUSE

Additional Info

advisory id: CVE-2026-1580

advisory type: Security Update

cvrf filename: cvrf-CVE-2026-1580.xml

CVE Vulnerabilities

Posts & Pages