159 matches found
CVE-2026-42876
External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Prior to 2.4.1, a user who only has permission to create ExternalSecret resources can cause the operator to create a Secret that Kubernetes will automatically populat...
CVE-2026-42875
External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Prior to 2.4.0, Namespaced SecretStore resources that used CAProvider with type ConfigMap could resolve CA material from another namespace when caProvider.namespace w...
GHSA-WV26-88M5-6H59 vulnerabilities
Vulnerabilities for packages: external-secrets-operator...
CVE-2026-42876 vulnerabilities
Vulnerabilities for packages: external-secrets-operator...
GHSA-FQ7H-9X26-6J22 vulnerabilities
Vulnerabilities for packages: external-secrets-operator...
CVE-2026-42875 vulnerabilities
Vulnerabilities for packages: external-secrets-operator...
CVE-2026-42875 vulnerabilities
Vulnerabilities for packages: external-secrets-operator...
GHSA-WV26-88M5-6H59 vulnerabilities
Vulnerabilities for packages: external-secrets-operator...
CVE-2026-42876 vulnerabilities
Vulnerabilities for packages: external-secrets-operator...
GHSA-FQ7H-9X26-6J22 vulnerabilities
Vulnerabilities for packages: external-secrets-operator...
GHSA-M7CR-M3PV-HGRP vulnerabilities
Vulnerabilities for packages: flux, gitsign, goreleaser, kots, pulumi-language-yaml, skaffold, dagger, nfpm, pulumi-kubernetes-operator, pulumi-language-dotnet, argo-cd, kubescape, kargo, grype, syft, crossplane, src-fingerprint, gptscript, act, wolfictl, kaniko, grafana-alloy, melange,...
GHSA-CRHJ-59GH-8X96 vulnerabilities
Vulnerabilities for packages: flux, gitsign, goreleaser, kots, pulumi-language-yaml, skaffold, dagger, nfpm, pulumi-kubernetes-operator, pulumi-language-dotnet, argo-cd, kubescape, kargo, grype, syft, crossplane, src-fingerprint, gptscript, act, wolfictl, kaniko, grafana-alloy, melange,...
CVE-2026-45571 vulnerabilities
Vulnerabilities for packages: flux, gitsign, goreleaser, kots, pulumi-language-yaml, skaffold, dagger, nfpm, pulumi-kubernetes-operator, pulumi-language-dotnet, argo-cd, kubescape, kargo, grype, syft, crossplane, src-fingerprint, gptscript, act, wolfictl, kaniko, grafana-alloy, melange,...
CVE-2026-45570 vulnerabilities
Vulnerabilities for packages: flux, gitsign, goreleaser, kots, pulumi-language-yaml, skaffold, dagger, nfpm, pulumi-kubernetes-operator, pulumi-language-dotnet, argo-cd, kubescape, kargo, grype, syft, crossplane, src-fingerprint, gptscript, act, wolfictl, kaniko, grafana-alloy, melange,...
GHSA-CRHJ-59GH-8X96 vulnerabilities
Vulnerabilities for packages: google-osconfig-agent, trivy-fips, kyverno-fips, nfpm, argo-cd, kubescape, packer, crossplane, src-fingerprint, wolfictl, cerbos-fips, osv-scanner, argo-cd-fips, steampipe, redpanda-console, argo-events, argocd-image-updater-fips, chainctl, skaffold-fips, zarf,...
CVE-2026-45571 vulnerabilities
Vulnerabilities for packages: google-osconfig-agent, trivy-fips, kyverno-fips, nfpm, argo-cd, kubescape, packer, crossplane, src-fingerprint, wolfictl, cerbos-fips, osv-scanner, argo-cd-fips, steampipe, redpanda-console, argo-events, argocd-image-updater-fips, chainctl, skaffold-fips, zarf,...
GHSA-M7CR-M3PV-HGRP vulnerabilities
Vulnerabilities for packages: google-osconfig-agent, trivy-fips, kyverno-fips, nfpm, argo-cd, kubescape, packer, crossplane, src-fingerprint, wolfictl, cerbos-fips, osv-scanner, argo-cd-fips, steampipe, redpanda-console, argo-events, argocd-image-updater-fips, chainctl, skaffold-fips, zarf,...
CLEANSTART-2026-MI47415 Security fixes for CVE-2025-61729, CVE-2026-32952, ghsa-mh2q-q3fh-2475, ghsa-pjcq-xvwq-hhpj applied in versions: 1.1.0-r0, 2.4.1-r0
Multiple security vulnerabilities affect the external-secrets package. These issues are resolved in later releases. See references for individual vulnerability details...
CVE-2026-45022 vulnerabilities
Vulnerabilities for packages: google-osconfig-agent, trivy-fips, kyverno-fips, nfpm, argo-cd, kubescape, packer, crossplane, src-fingerprint, wolfictl, cerbos-fips, osv-scanner, argo-cd-fips, steampipe, redpanda-console, flux-source-controller, terragrunt-fips, argo-events,...
CVE-2026-42876
External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Prior to 2.4.1, a user who only has permission to create ExternalSecret resources can cause the operator to create a Secret that Kubernetes will automatically populat...