Security update - Ingress-nginx (CVE-2025-1974) - April 6th 2025

A critical security vulnerability (CVSS score: 9.8/10) was recently discovered in the Kubernetes ingress-nginx controller.

What could be the impact?

Under specific conditions, an unauthenticated attacker with access to the pod network could execute arbitrary code within the ingress-nginx controller. This could potentially lead to unauthorized access and exposure of sensitive data, including Secrets managed by the controller. Security experts estimate that approximately 40% of Kubernetes clusters may be affected.

What actions have we taken?

As soon as the vulnerability was publicly disclosed, our security and SRE teams took action. We upgraded all affected ingress-nginx components across our infrastructure to the latest stable version that addresses and resolves the issue. This upgrade ensures our systems are aligned with the most secure and up-to-date Kubernetes practices.

Current status

Following a comprehensive scan of our environments and successful remediation of the issue, we can confirm that all systems have been secured. No systems remain vulnerable to this specific exploit, and we continue to monitor for any emerging threats to maintain the highest level of security for our customers. See service status for real-time updates.
