Kubernetes Archives Ingress Nginx Amid Security Concerns

Kubernetes Archives Ingress Nginx Amid Security Concerns

First seen 25 Mar 2026, 16:49 UTC Diginomica 100% similarity 69.0

Article Content

Browse articles
ThreatCluster

On March 24, 2026, the Kubernetes project archived ingress nginx, rendering its GitHub repository read-only. This component, crucial for managing external traffic to applications in Kubernetes clusters, has been plagued by severe security vulnerabilities, including the IngressNightmare vulnerabilities disclosed in March 2025. The most critical of these, CVE-2025-1974, had a CVSS score of 9.8 and allowed unauthenticated remote code execution, affecting approximately 43% of cloud environments. Kat Cosgrove from the Kubernetes Steering Committee stated that the project's fundamental architecture made it unmaintainable and easy to exploit. Existing installations will continue to function, posing a risk of exploitation for organizations that do not proactively check their systems. The decision to archive ingress nginx was made after recognizing the long-standing issues with the project, which had been maintained by a small number of volunteers. This situation highlights the urgent need for organizations to reassess their reliance on this component.

Key Points: • Ingress nginx archived on March 24, 2026, with no further support or patches. • CVE-2025-1974 allows unauthenticated remote code execution, affecting 43% of cloud environments. • Existing installations remain vulnerable, necessitating proactive checks by organizations.

ThreatCluster AI

Timeline

2025-03-24
CVE-2025-1974 published
2025-03-25
First public PoC for CVE-2025-1974
2026-03-24
Ingress nginx archived by Kubernetes project

Community

Browse all →