ingress-nginx
Safeguard articles tagged "ingress-nginx" — guides, analysis, and best practices for software supply chain and application security.
5 articles
TLS termination and cert-manager: a hardening guide for Kubernetes Ingress
IngressNightmare's CVSS 9.8 RCE showed that ingress-nginx's own admission webhook can be turned against cluster Secrets — here's how to configure TLS safely.
CVE-2026-42945: A Buffer Overflow in NGINX's Rewrite Module Reaches Into Your Kubernetes Clusters (May 2026)
Disclosed May 17, 2026 with public PoC and in-the-wild activity, CVE-2026-42945 is a buffer overflow in NGINX's ngx_http_rewrite_module. It affects core NGINX and the ingress controllers that wrap it, putting cluster ingress in scope.
Kubernetes Security in 2026: CVEs and Hardening Priorities
The CVEs that hurt clusters lately live at the edges: admission controllers, ingress, and image supply chains. What the recent record says about where to harden first.
CVE-2025-1974 Ingress NGINX Controller RCE
IngressNightmare - CVE-2025-1974 in Kubernetes ingress-nginx - gave unauthenticated attackers cluster-wide RCE. Here is how it worked and what to harden now.
Kubernetes ingress controller vulnerability roundup
Ingress-nginx, Apache APISIX, and other Kubernetes ingress controllers have racked up critical CVEs since 2021 — here's what actually happened.