What is CVE-2026-4342?

A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)

What is the severity of CVE-2026-4342?

CVE-2026-4342 has a CVSS v3 score of 8.8, which is classified as High severity.

Is there an exploit available for CVE-2026-4342?

No known public exploits are currently available for CVE-2026-4342.

Is there a patch available for CVE-2026-4342?

Yes, patches are available for CVE-2026-4342. Check the vendor advisories for update instructions.

CVE-2026-4342 - CVE Details, Severity, and Analysis

Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives

PoC for every finding

30+ tools orchestrated

Book a Demo Learn More

Setup in 5 minutesSOC 2 & ISO 27001

Vendor	Product
Kubernetes	Nginx Ingress Controller

CVE-2026-4342 - CVE Details, Severity, and Analysis | Strobes VI