Detecting CVE-2026-3288 & CVE-2026-24512: Ingress-nginx configuration injection vulnerabilities for Kubernetes
ID: 0504cde9-506b-58e4-8ce6-b972e737f768
STIX ID: report--0504cde9-506b-58e4-8ce6-b972e737f768
Feed Name: Sysdig Blog
**CVE-2026-3288: NGINX Ingress Controller configuration injection** — A high-severity (CVSS 8.8) vulnerability in ingress-nginx allowed an attacker with permission to create or modify Ingress resources to inject arbitrary nginx configuration by placing a double-quote in the Ingress path; this can lead to remote code execution and disclosure of secrets accessible to the controller. The report details the missing sanitization in buildProxyPass() (a companion fix was applied earlier to buildLocation()), demonstrates bypasses of the DeepInspect blocklist, provides exploit scenarios (response hijacking, credential leakage, denial of service), lists affected and fixed versions (fixed in v1.13.8/v1.14.4/v1.15.0), and supplies detection (Falco rule using Kubernetes audit logs) and mitigation recommendations (patch, RBAC restrictions, webhook validation, audit of Ingress paths).
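The detection and mitigations the report recommends (a Falco rule over Kubernetes audit logs, a validating webhook, an audit of existing Ingress paths) all reduce to one check: does any `spec.rules[].http.paths[].path` contain a double quote or another character that can close nginx's quoted directive argument? The script below is an added example written for this page, not code from Sysdig or from the ingress-nginx project. It assumes audit logging at `RequestResponse` level for `ingresses` (so `responseObject` carries the stored object even for `patch`), runs over constructed audit events rather than real cluster data, and widens the report's double-quote indicator to a broader set of nginx metacharacters, which is my assumption rather than something the report states.

```python
import json
import re

# The report's indicator is a double quote in the Ingress path. The remaining
# characters are my conservative superset of what can end a quoted nginx
# argument or start a new directive/block (assumption, not from the report).
NGINX_BREAKOUT = re.compile(r'["\';{}#\\\r\n]')


def ingress_paths(ingress):
    """Yield every spec.rules[].http.paths[].path string of an Ingress object."""
    for rule in (ingress.get("spec") or {}).get("rules") or []:
        for entry in (rule.get("http") or {}).get("paths") or []:
            path = entry.get("path")
            if isinstance(path, str):
                yield path


def suspicious_paths(ingress):
    """Return the paths of an Ingress that contain a breakout character."""
    return [p for p in ingress_paths(ingress) if NGINX_BREAKOUT.search(p)]


def scan_audit_log(lines):
    """Scan newline-delimited audit.k8s.io/v1 events; return one finding per
    successful Ingress create/update/patch whose stored object has a bad path."""
    findings = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        ev = json.loads(raw)
        ref = ev.get("objectRef") or {}
        if ref.get("resource") != "ingresses":
            continue
        if ev.get("verb") not in ("create", "update", "patch"):
            continue  # reads cannot inject configuration
        if ev.get("stage") != "ResponseComplete":
            continue  # one event per request, emitted after admission ran
        if (ev.get("responseStatus") or {}).get("code", 0) >= 300:
            continue  # rejected writes never reached the controller
        # For patch, requestObject is the patch document, not the Ingress,
        # so prefer the stored object the API server returned.
        obj = ev.get("responseObject") or ev.get("requestObject") or {}
        if obj.get("kind") != "Ingress":
            continue
        bad = suspicious_paths(obj)
        if bad:
            findings.append({"user": (ev.get("user") or {}).get("username"),
                             "verb": ev["verb"], "namespace": ref.get("namespace"),
                             "name": ref.get("name"), "paths": bad})
    return findings


def admission_response(review):
    """Response half of an AdmissionReview denying an Ingress with breakout
    characters in its paths (assumes a ValidatingWebhookConfiguration
    registered for Ingress create/update; webhook plumbing not shown)."""
    req = review["request"]
    bad = suspicious_paths(req.get("object") or {})
    resp = {"uid": req["uid"], "allowed": not bad}
    if bad:
        resp["status"] = {"code": 403, "message":
                          "Ingress path contains nginx metacharacters: %r" % (bad,)}
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
            "response": resp}


# --- constructed sample data (hypothetical cluster, not real audit output) ---
def _ingress(name, paths, ns="shop"):
    return {"kind": "Ingress", "apiVersion": "networking.k8s.io/v1",
            "metadata": {"name": name, "namespace": ns},
            "spec": {"rules": [{"host": "shop.example.com", "http": {"paths": [
                {"path": p, "pathType": "Prefix"} for p in paths]}}]}}


def _event(verb, user, obj, code=200):
    return json.dumps({"kind": "Event", "apiVersion": "audit.k8s.io/v1",
                       "stage": "ResponseComplete", "verb": verb,
                       "user": {"username": user},
                       "objectRef": {"resource": "ingresses",
                                     "namespace": obj["metadata"]["namespace"],
                                     "name": obj["metadata"]["name"]},
                       "responseStatus": {"code": code}, "responseObject": obj})


SAMPLE_AUDIT_LOG = [
    _event("create", "dev@example.com", _ingress("web", ["/", "/api"])),
    _event("update", "contractor@example.com", _ingress("web", ['/api"', "/static"])),
    _event("get", "reader@example.com", _ingress("web", ['/api"'])),  # read: ignored
    _event("create", "ci-bot", _ingress("bad", ['/x"']), code=403),   # rejected: ignored
]

if __name__ == "__main__":
    for f in scan_audit_log(SAMPLE_AUDIT_LOG):
        print("ALERT %(namespace)s/%(name)s %(verb)s by %(user)s: %(paths)r" % f)
```

Run against a real audit log with `scan_audit_log(open("audit.log"))`; the same `suspicious_paths()` helper applied to `kubectl get ingress -A -o json` items gives the one-off audit of existing Ingress paths the report recommends, and `admission_response()` is the decision an admission webhook would return. Patching the controller remains the fix; this check only narrows who can reach the bug.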
