CVE-2025-15566 – Ingress-NGINX Kubernetes Controller Security Vulnerabilities

“A weakness in the Kubernetes ingress controller could allow attackers to manipulate traffic handling and disrupt critical applications.”

This patch addresses two high-severity vulnerabilities (CVE-2025-15566 and CVE-2026-1580) affecting Ingress-NGINX, the Kubernetes ingress controller used to manage external access to services within clusters. The issues stem from improper validation and handling of certain configuration inputs and requests processed by the controller.

Attackers who can interact with affected environments may exploit these weaknesses to manipulate ingress configurations, interfere with request routing, or disrupt application availability within the cluster. Successful exploitation could impact the integrity and availability of services exposed through the ingress layer. CVE-2025-15566 carries a CVSS v3.1 score of 8.8 (High), and CVE-2026-1580 carries a CVSS v3.1 score of 8.7 (High).

Security updates address the vulnerabilities by strengthening validation of ingress configuration data and improving request processing logic within the controller. Kubernetes environments using vulnerable versions remain exposed until the patched releases are deployed.
