CVE-2026-6389

IBM Turbonomic prometurbo agent 8.16.0 through 8.17.6 IBM Turbonomic Application Resource Management grants excessive cluster‑wide permissions, including unrestricted read access to all secrets. An attacker that compromises the operator or its service account can exfiltrate sensitive credentials,...

PT-2026-36199

Name of the Vulnerable Software and Affected Versions IBM Turbonomic prometurbo agent versions 8.16.0 through 8.17.6 Description IBM Turbonomic Application Resource Management grants excessive cluster-wide permissions, which include unrestricted read access to all secrets. An attacker who...

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management via the ClickhouseUser/ServiceUser. An attacker can access sensitive information from other namespaces by supplying a crafted namespace value, causing the operator to read secrets from unauthorized location...

CVE-2025-55196 External Secrets Operator Missing Namespace Restriction in PushSecret and SecretStore List() Calls Allows Unauthorized Secret Access

External Secrets Operator is a Kubernetes operator that integrates external secret management systems. From version 0.15.0 to before 0.19.2, a vulnerability was discovered where the List calls for Kubernetes Secret and SecretStore resources performed by the PushSecret controller did not apply a...