CVE-2026-4342 – Kubernetes ingress-nginx Controller
“A single weak entry point in your cluster can expose everything behind it.”
Kubernetes addressed a high-severity vulnerability in the ingress-nginx controller that could allow attackers to manipulate traffic handling and potentially execute unauthorized actions within the cluster. The issue impacts how incoming requests are processed, creating an opportunity for abuse in exposed environments. CVE-2026-4342 has a CVSS score of 8.8, which is High severity. This level of risk is significant for organizations relying on ingress-nginx as a primary gateway to services.
No real-world exploitation or proof-of-concept code has been confirmed. However, because ingress controls external access to the cluster, the vulnerability presents a serious attack surface. The patch strengthens request validation and closes the pathway that could allow malicious traffic to influence cluster behavior.
Key Details
- Affected Product: Kubernetes Ingress-nginx
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- CWE Classification: CWE-20