PT-2026-6670 · Kubernetes+1 · Ingress-Nginx+1

Jan-Otto Kröpke · Published 2026-02-06 · Updated 2026-03-10 · CVE-2025-15566

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

ingress-nginx (affected versions not specified)

Description

A security issue exists in ingress-nginx where the nginx.ingress.kubernetes.io/auth-proxy-set-headers Ingress annotation can be used to inject configuration into nginx. This can result in arbitrary code execution within the context of the ingress-nginx controller and potential disclosure of Secrets accessible to the controller. In a default installation, the controller has access to all Secrets cluster-wide. The annotation https://t.co/5vaSyCfUF2 is also implicated in this issue.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
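With no fixed version listed, one defensive step is to inventory which Ingress objects set the annotation named in the description. The script below is an added example, not part of this advisory or of the ingress-nginx project; it reads the JSON produced by `kubectl get ingress -A -o json`, and the sample data, the file name `audit.py` and the "ConfigMap reference" shape check are assumptions made for illustration.

```python
import json
import re
import sys

# Annotation named in the advisory description.
ANNOTATION = "nginx.ingress.kubernetes.io/auth-proxy-set-headers"
# Assumption: a legitimate value is a ConfigMap reference ("name" or
# "namespace/name") made of DNS-name characters; anything else needs review.
NAME = r"[a-z0-9](?:[-a-z0-9.]*[a-z0-9])?"
CONFIGMAP_REF = re.compile(rf"(?:{NAME}/)?{NAME}")

# Constructed sample in the shape of `kubectl get ingress -A -o json` output.
SAMPLE = {"kind": "List", "items": [
    {"kind": "Ingress", "metadata": {"namespace": "web", "name": "plain"}},
    {"kind": "Ingress", "metadata": {"namespace": "shop", "name": "checkout",
        "annotations": {ANNOTATION: "auth/headers-cm"}}},
    {"kind": "Ingress", "metadata": {"namespace": "dev", "name": "scratch",
        "annotations": {ANNOTATION: "not a configmap ref!"}}},
]}


def audit_ingresses(doc):
    """Return one finding per Ingress that sets ANNOTATION."""
    # Accept either a List document or a single Ingress object.
    items = doc["items"] if "items" in doc else [doc]
    findings = []
    for item in items:
        meta = item.get("metadata", {})
        annotations = meta.get("annotations") or {}
        if ANNOTATION not in annotations:
            continue
        value = str(annotations[ANNOTATION])
        findings.append({
            "namespace": meta.get("namespace", "default"),
            "name": meta.get("name", ""),
            "value": value,
            "well_formed": bool(CONFIGMAP_REF.fullmatch(value)),
        })
    return findings


if __name__ == "__main__":
    # Real use: kubectl get ingress -A -o json | python3 audit.py -
    doc = json.load(sys.stdin) if sys.argv[1:] == ["-"] else SAMPLE
    for f in audit_ingresses(doc):
        status = "ok-shape" if f["well_formed"] else "REVIEW"
        print(f'{status}\t{f["namespace"]}/{f["name"]}\t{f["value"]!r}')
```

A well-formed value only means the annotation looks like a ConfigMap reference; every Ingress the script lists uses the affected annotation and is worth reviewing, along with who is allowed to create or edit Ingress objects in that namespace.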

RCE

Weakness Enumeration

Related Identifiers

BDU:2026-03604
BIT-NGINX-INGRESS-CONTROLLER-2025-15566
CVE-2025-15566

Affected Products

Red Os
Ingress-Nginx