CVE-2026-3288

HIGH LAB

ingress-nginx < 1.13.8, < 1.14.4, < 1.15.0 - Remote Code Execution via Rewrite Target Annotation Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2026-3288. PoCs published by XiaomingX, bvabhishek, SnailSploit.

AI-analyzed exploit summary This repository provides a detailed technical analysis of CVE-2026-3288, an ingress-nginx configuration injection vulnerability via the rewrite-target annotation, including root cause, affected versions, remediation steps, and detection methods.

Description

A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/rewrite-target` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)

Exploits (3)

github WRITEUP 10 stars
by XiaomingX · pythonpoc
https://github.com/XiaomingX/data-cve-poc-py-v1/tree/main/2026/CVE-2026-3288

This repository provides a detailed technical analysis of CVE-2026-3288, an ingress-nginx configuration injection vulnerability via the rewrite-target annotation, including root cause, affected versions, remediation steps, and detection methods.

Classification
Writeup 100%
Attack Type
Rce | Info Leak
Complexity
Moderate
Reliability
Reliable
Target: ingress-nginx (versions < 1.13.8, < 1.14.4, < 1.15.0)
Auth required
Prerequisites: Ability to create/modify Ingress resources in a Kubernetes cluster running ingress-nginx
devstral-2 · analyzed Mar 11, 2026 Full analysis →
nomisec WORKING POC
by bvabhishek · poc
https://github.com/bvabhishek/CVE-2026-3288-lab

This repository contains a functional exploit PoC for CVE-2026-3288, an NGINX Ingress Controller configuration injection vulnerability. The lab includes a Docker-based vulnerable environment, automated exploitation scripts, and detailed documentation for testing various attack scenarios.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: NGINX Ingress Controller < v1.13.8, v1.14.4, v1.15.0
No auth needed
Prerequisites: Docker · Docker Compose · Python 3.6+
devstral-2 · analyzed Apr 09, 2026 Full analysis →
nomisec WRITEUP
by SnailSploit · poc
https://github.com/SnailSploit/CVE-2026-3288

This repository provides a detailed technical analysis of CVE-2026-3288, an ingress-nginx configuration injection vulnerability via the rewrite-target annotation, including root cause, affected versions, remediation steps, and detection methods.

Classification
Writeup 100%
Attack Type
Rce | Info Leak
Complexity
Moderate
Reliability
Reliable
Target: ingress-nginx (versions < 1.13.8, < 1.14.4, < 1.15.0)
Auth required
Prerequisites: Ability to create/modify Ingress resources in a Kubernetes cluster running ingress-nginx
devstral-2 · analyzed Mar 10, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 8.8
EPSS 0.0667
EPSS Percentile 93.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Lab Environment

COMMUNITY
Community Lab
docker pull nginx:1.25-alpine

Details

CWE
CWE-20
Status published
Products (4)
Kubernetes/ingress-nginx < 1.13.8
kubernetes/ingress-nginx < 1.13.8
Kubernetes/ingress-nginx < 1.14.4
Kubernetes/ingress-nginx < 1.15.0
Published Mar 09, 2026
Tracked Since Mar 10, 2026