On 24-Mar-2025, Wiz announced the discovery of a series of CVEs in the Ingress NGINX Controller for Kubernetes. These findings were reported to Kubernetes, which later announced patches for ingress-nginx.
Having assessed the Appian platform against all details of the CVEs, we can confirm that the Appian platform is not impacted. Appian does deploy ingress-nginx in multiple partitions of the platform; however, these deployments do not make use of the admissionWebhooks component, which is the underlying impacted feature.
While our current implementation is not affected, we are prioritizing upgrades of our ingress-nginx deployments to the latest version as a precautionary safety measure. IMPORTANT: Self-managed Appian on Kubernetes is not shipped with ingress-nginx. If your environment uses the Ingress NGINX Controller to expose Appian, please review your deployment to confirm its version and upgrade to a secure one if necessary.
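For a self-managed cluster, one way to check whether the admissionWebhooks feature named above is actually registered is to inspect the output of `kubectl get validatingwebhookconfigurations -o json`. The following is an added example, not Appian's or the ingress-nginx project's code; the sample input is constructed and assumes the object names used by the upstream ingress-nginx Helm chart.

```python
import json

# Constructed sample of `kubectl get validatingwebhookconfigurations -o json`.
# Object names assume the upstream ingress-nginx Helm chart defaults.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "ingress-nginx-admission"},
   "webhooks": [{"name": "validate.nginx.ingress.kubernetes.io",
     "clientConfig": {"service": {"namespace": "ingress-nginx",
                                  "name": "ingress-nginx-controller-admission"}},
     "rules": [{"apiGroups": ["networking.k8s.io"], "resources": ["ingresses"],
                "operations": ["CREATE", "UPDATE"]}]}]},
  {"metadata": {"name": "example-policy"},
   "webhooks": [{"name": "pods.policy.example.test",
     "clientConfig": {"url": "https://policy.example.test/validate"},
     "rules": [{"apiGroups": [""], "resources": ["pods"],
                "operations": ["CREATE"]}]}]}
]}
""")

def _covers_ingresses(rule):
    """True if a webhook rule matches Ingress objects (wildcards included)."""
    groups = rule.get("apiGroups", [])
    resources = rule.get("resources", [])
    group_ok = "*" in groups or "networking.k8s.io" in groups
    res_ok = any(r in ("*", "ingresses", "ingresses/*") for r in resources)
    return group_ok and res_ok

def find_ingress_admission_webhooks(webhook_list):
    """Return every validating webhook that admits Ingress objects."""
    findings = []
    for cfg in webhook_list.get("items", []):
        for hook in cfg.get("webhooks") or []:
            if not any(_covers_ingresses(r) for r in hook.get("rules") or []):
                continue
            client = hook.get("clientConfig", {})
            svc = client.get("service")
            target = f'{svc["namespace"]}/{svc["name"]}' if svc else client.get("url")
            findings.append({
                "config": cfg["metadata"]["name"],
                "webhook": hook["name"],
                "target": target,
                # Suffix used by the ingress-nginx admission webhook (assumed default).
                "nginx": hook["name"].endswith("nginx.ingress.kubernetes.io"),
            })
    return findings

if __name__ == "__main__":
    for finding in find_ingress_admission_webhooks(SAMPLE):
        print(finding)
```

An empty result means no validating webhook admits Ingress objects; it says nothing about the controller version, which still has to be confirmed separately.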
The following CVEs were released with additional information on the scope of the vulnerability:
This article applies to Appian Cloud.
Last reviewed: March 26, 2025