How to find Kubernetes Ingress-NGINX Controller installations on your network
ID: 68603b2f-587d-52ea-96a5-35249e3a8ba1
STIX ID: report--68603b2f-587d-52ea-96a5-35249e3a8ba1
Feed Name: runZero Blog
The Kubernetes Security Response Committee disclosed four vulnerabilities in the Ingress-NGINX Controller (CVE-2026-24512, CVE-2026-24513, CVE-2026-24514, and CVE-2026-1580) that can allow unauthenticated attackers to achieve remote code execution by exploiting input-validation and configuration-injection flaws. CVE-2026-24513 is highlighted for bypassing auth-url under certain backend header conditions. The advisory notes that exploitation depends on access to the Ingress-NGINX admission controller (an optional component), clarifies that the similarly named NGINX Ingress controller is not affected, and recommends upgrading to versions 1.13.7, 1.14.3, or later. It also provides a runZero query to locate potentially vulnerable services.
