CVE-2026-3288 is a high-severity configuration injection vulnerability in the Kubernetes ingress-nginx NGINX Ingress Controller. The flaw affects handling of the nginx.ingress.kubernetes.io/rewrite-target annotation, where attacker-controlled Ingress path data from spec.rules.http.paths.path is interpolated into generated nginx configuration without proper sanitization in buildProxyPass() in template.go. By including a double-quote character in the Ingress path field, an attacker can terminate the intended quoted regex context and inject arbitrary nginx directives into the generated configuration. The issue is described as an incomplete fix related to CVE-2026-24512: sanitization via sanitizeQuotedRegex() had been added to buildLocation() but not to buildProxyPass(). Supporting analysis also indicates that the controller’s DeepInspect validation relied on an incomplete blocklist and contained unused path-validation logic, allowing payloads such as injected return directives to bypass inspection. Successful exploitation can result in arbitrary code execution in the context of the ingress-nginx controller and disclosure of Secrets accessible to that controller.
If you can’t patch tonight, do this now.
spec.rules.http.paths.path contains a double quote, which is a high-fidelity indicator for this issue. Supporting research also recommends deploying detections such as the published Falco rule for ingress-nginx path configuration injection.
Patch, then assume compromise.
sanitizeQuotedRegex() to buildProxyPass() to properly sanitize the path value before it is inserted into generated nginx configuration. Organizations should identify all clusters running vulnerable ingress-nginx controller versions and update them to the appropriate patched release.
1 valid exploit after Mallory filtered fakes, detection scripts, and README-only repos (1 hidden).
This repository is a self-contained Docker lab and exploit kit for a simulated CVE-2026-3288 NGINX Ingress Controller configuration-injection issue. It is not tied to a common exploit framework. The repo contains 15 files: documentation (README.md, INSTALL.md, TESTING.md), Docker orchestration (docker-compose.yml), a vulnerable NGINX container and Flask backend, an automated Python exploit, a shell-based manual test harness, payload examples, a log-monitoring script, and a cleanup script. Core exploit logic is in exploits/exploit.py. The Python script uses requests.Session to target a base URL, first checking /health, then attempting six scenarios: response hijacking, Authorization header theft, phishing redirect injection, internal IP disclosure, cookie theft, and User-Agent reflection. Payloads are path strings containing an injected double quote followed by NGINX directives such as return 200 or return 302. Success criteria are simple response-content/status checks, making this an operational but basic exploit rather than a weaponized framework module. The vulnerable environment is implemented in docker/nginx/vulnerable-config.conf and docker/backend/app.py. NGINX listens on port 80 and is published to host port 9090. It proxies to an upstream named backend at backend:5000. The config intentionally simulates unsafe path handling around /api and /vuln, includes a /login location that reflects Authorization data via headers and proxying, an /admin path that can disclose an internal IP string, a /backend proxy path, and /health. The Flask backend exposes /, /health, /api/users, /api/data, /login, /admin, and /secret, with several endpoints returning sensitive-looking demo data and reflected headers. Fingerprintable infrastructure includes localhost-based lab URLs, backend:5000 as the upstream service, host ports 9090/9443, NGINX config/log file paths, and attacker redirect domains such as evil.com. 
The repository also includes detection/monitor-logs.sh, which tails docker-compose nginx logs and greps for suspicious injected directives like return, rewrite, set, add_header, and proxy_pass followed by quotes. Overall, the repository’s purpose is training and demonstration of web-based configuration injection leading to response manipulation and information disclosure, not stealthy post-exploitation or real RCE delivery.
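The double-quote indicator from the detection guidance above, as an added example (not code from the page, the ingress-nginx project, or the lab repository described): it reads the JSON that `kubectl get ingress -A -o json` prints, flags every spec.rules[].http.paths[].path containing a double quote, and notes whether the rewrite-target annotation is also set on that Ingress. The declared IngressList subset, the `FindQuotedPaths` name and the embedded sample list are assumptions of this example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Subset of the IngressList shape printed by `kubectl get ingress -A -o json`.
type ingressList struct {
	Items []struct {
		Metadata struct {
			Namespace   string            `json:"namespace"`
			Name        string            `json:"name"`
			Annotations map[string]string `json:"annotations"`
		} `json:"metadata"`
		Spec struct {
			Rules []struct {
				HTTP struct {
					Paths []struct{ Path string `json:"path"` } `json:"paths"`
				} `json:"http"`
			} `json:"rules"`
		} `json:"spec"`
	} `json:"items"`
}

// FindQuotedPaths lists each spec.rules[].http.paths[].path holding a double quote and whether rewrite-target is set.
func FindQuotedPaths(kubectlJSON []byte) ([]string, error) {
	var list ingressList
	if err := json.Unmarshal(kubectlJSON, &list); err != nil {
		return nil, err
	}
	var findings []string
	for _, ing := range list.Items {
		_, rw := ing.Metadata.Annotations["nginx.ingress.kubernetes.io/rewrite-target"]
		for _, rule := range ing.Spec.Rules {
			for _, p := range rule.HTTP.Paths {
				if strings.Contains(p.Path, `"`) { // the high-fidelity indicator named in the advisory text
					findings = append(findings, fmt.Sprintf("%s/%s path=%q rewrite-target=%t", ing.Metadata.Namespace, ing.Metadata.Name, p.Path, rw))
				}
			}
		}
	}
	return findings, nil
}
// SampleList is constructed test data: one benign Ingress, one with a bare double quote in its path.
const SampleList = `{"items":[
{"metadata":{"namespace":"shop","name":"web","annotations":{"nginx.ingress.kubernetes.io/rewrite-target":"/$1"}},"spec":{"rules":[{"http":{"paths":[{"path":"/api(/|$)(.*)"}]}}]}},
{"metadata":{"namespace":"tenant-b","name":"odd","annotations":{"nginx.ingress.kubernetes.io/rewrite-target":"/"}},"spec":{"rules":[{"http":{"paths":[{"path":"/app\""}]}}]}}]}`
func main() { f, _ := FindQuotedPaths([]byte(SampleList)); fmt.Println(strings.Join(f, "\n")) }
```

Pipe real cluster output in with `kubectl get ingress -A -o json` in place of SampleList; a benign regex path such as the shop entry produces no finding.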
A configuration injection vulnerability in the NGINX Ingress Controller caused by improper sanitization of the Ingress path field in buildProxyPass(), allowing arbitrary nginx directive injection that can lead to remote code execution and secret disclosure.
A configuration injection vulnerability in the NGINX Ingress Controller that can allow arbitrary nginx directive injection via the Ingress path field, potentially leading to remote code execution and disclosure of secrets accessible to the controller.
A configuration-injection vulnerability in ingress-nginx where the rewrite-target Ingress annotation can be abused to inject nginx configuration, potentially leading to arbitrary code execution in the ingress-nginx controller context and disclosure of Kubernetes Secrets accessible to the controller.