Ingress-NGINX Under Siege: A Deep Dive into the Validating Webhook Vulnerabilities

The validating admission webhook surface is one of the least-audited parts of a typical Kubernetes deployment, even though it's reachable from inside the cluster network. This post traces a chain that turns a benign-looking annotation parsing bug into command injection on the controller pod.

(Placeholder body — drop your actual writeup here.)