Vulnerabilities

CVE-2025-15566 - ingress-nginx auth-proxy-set-headers nginx configuration injection

2026-02-06 0 views admin

CVE ID : CVE-2025-15566 Published : Feb. 6, 2026, 3:13 a.m. | 1 hour, 6 minutes ago Description : A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/auth-proxy-set-headers` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.) Severity: 8.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2025-15566

Severity

HIGH

Published

Feb. 6, 2026

Affected Product: nginx

Impact: code execution

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2025-15566highnginx

CVE-2025-15566 - ingress-nginx auth-proxy-set-headers nginx configuration injection

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2026-1228 - Timeline Block <= 1.3.3 - insecure direct object reference to authenticated (auth...

CVE-2026-1975 - Free5GC pfcp_reports.go identityTriggerType null pointer dereference

CVE-2026-1976 - Free5GC SMF SessionDeletionResponse null pointer dereference

CVE-2026-1977 - isaacwasserman mcp-vegalite-server visualize_data eval code injection

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting