Pentera Labs built on Wiz’s IngressNightmare research to uncover three new injection vulnerabilities in Kubernetes ingress-nginx, exposing risks of remote code execution in clusters. The original flaw chain (CVE-2025-1974, 1097, 1098, 24514) showed how weak sanitization in annotations allowed attackers to inject directives. Pentera replicated these findings and discovered additional exploitable points in permanent-redirect, server-alias, and rewrite-target annotations. Exploitation could escalate privileges, bypass access controls, and compromise entire clusters. Researchers demonstrated attack paths, including planting malicious .so files, and recommended patching to version 1.12.1 or later while monitoring logs for suspicious injections.

Join for free to read