Detecting CVE-2026-3288 & CVE-2026-24512: Ingress-nginx configuration injection vulnerabilities for Kubernetes
ID: 46d1fa59-2626-5dba-a706-7344d33b4ee9
STIX ID: report--46d1fa59-2626-5dba-a706-7344d33b4ee9
Feed Name: Sysdig Blog
Sysdig Threat Research analyzed CVE-2026-3288, a high-severity (CVSS 8.8) configuration-injection flaw in ingress-nginx: an unsanitized Ingress path containing a double-quote allows injection of arbitrary nginx directives (related to a prior incomplete fix for CVE-2026-24512), potentially enabling remote code execution and disclosure of secrets. Fixes were released (v1.13.8 / v1.14.4 / v1.15.0), and Sysdig published a Falco detection rule plus mitigation recommendations.
