IngressNightmare: Critical Vulnerabilities Impacting Thousands of Kubernetes Clusters

2025-03-25
Wiz Research discovered a series of unauthenticated remote code execution vulnerabilities (dubbed #IngressNightmare) in Ingress NGINX Controller for Kubernetes. Exploitation grants unauthorized access to all secrets across all namespaces, potentially leading to cluster takeover. Approximately 43% of cloud environments are vulnerable, and over 6,500 affected clusters, including ones belonging to Fortune 500 companies, publicly expose vulnerable components. Immediate patching is crucial. Mitigations include updating to the latest Ingress NGINX Controller version or disabling the admission controller component.