CVE-2026-22822

Severity: Critical (CVSS 4.0 base score 9.3) · EPSS 7.1%
Published Jan 21, 2026 · Modified Jun 17, 2026

Description

External Secrets Operator (ESO) reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Starting in version 0.20.2 and prior to version 1.2.0, the `getSecretKey` template function, although introduced for the senhasegura DevOps Secrets Management (DSM) provider, can fetch Secrets across namespaces using the RoleBinding of the external-secrets controller, bypassing the operator's security mechanisms. The function was removed entirely in version 1.2.0, since everything it was used for can be achieved in a different way while respecting External Secrets Operator's safeguards. As a workaround, use a policy engine such as Kubernetes, Kyverno, Kubewarden, or OPA to prevent the use of `getSecretKey` in any ExternalSecret resource.
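One way to implement the policy-engine workaround above, written here as an added example by the editor (it is not code from this advisory or from the External Secrets project), is a Kyverno ClusterPolicy that rejects ExternalSecret and ClusterExternalSecret objects whose spec contains the string `getSecretKey`. The policy name, the choice of Kyverno, and the assumption that the ESO CRDs are served under `external-secrets.io/v1beta1` and/or `external-secrets.io/v1` are the editor's own; the `templateFrom` field mentioned in the comments is an existing ESO field, but which templates an operator actually stores there is cluster-specific.

```yaml
# Added example (editor's own, not from the External Secrets project or this advisory).
# Kyverno ClusterPolicy that rejects ExternalSecret / ClusterExternalSecret objects
# whose spec contains the `getSecretKey` template function removed in ESO v1.2.0.
# Assumptions: Kyverno is installed with its admission webhook enabled, and the
# ESO CRDs are served under external-secrets.io/v1beta1 and/or external-secrets.io/v1.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: block-getsecretkey-template-function   # name chosen for this example
  annotations:
    policies.kyverno.io/description: >-
      Rejects ExternalSecret and ClusterExternalSecret resources that use the
      getSecretKey template function (CVE-2026-22822, GHSA-77v3-r3jw-j2v2).
spec:
  validationFailureAction: Enforce   # start with Audit to inventory existing offenders
  background: true                   # also report pre-existing resources in PolicyReports
  rules:
    - name: deny-getsecretkey
      match:
        any:
          - resources:
              kinds:
                - external-secrets.io/v1beta1/ExternalSecret
                - external-secrets.io/v1/ExternalSecret
                - external-secrets.io/v1beta1/ClusterExternalSecret
                - external-secrets.io/v1/ClusterExternalSecret
      validate:
        message: >-
          The getSecretKey template function is not allowed: it lets a template
          read Secrets in other namespaces with the controller's RoleBinding
          (CVE-2026-22822). Upgrade External Secrets Operator to v1.2.0 or later.
        deny:
          conditions:
            any:
              # Serialise the whole spec to JSON and search it for the function name.
              # One check therefore covers spec.target.template.data, inline
              # templateFrom literals, and the nested externalSecretSpec of a
              # ClusterExternalSecret.
              - key: "{{ contains(to_string(request.object.spec), 'getSecretKey') }}"
                operator: Equals
                value: true
```

Apply it with `kubectl apply -f` and, before switching to `Enforce`, run it in `Audit` mode and review the generated PolicyReports to find ExternalSecrets that already use the function. Two caveats a practitioner should keep in mind: the check only sees template text carried inside the object itself, so a template loaded through `templateFrom` from a ConfigMap or Secret is not inspected; and the policy is a stopgap, since the function only ceases to exist once the operator is upgraded to 1.2.0.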

CVSS Details

Base Score
9.3
Exploitability
Impact
Vector string
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability 7.1%
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-863 Incorrect Authorization

Affected Products 1

Vendor: external-secrets
Product: external_secrets_operator
Version: * (≥0.20.2 and <1.2.0)

References 5

  • github.com https://github.com/external-secrets/external-secrets/commit/17d3e22b8d3fbe339faf8515a95ec06ec92b1feb
    Patch
  • github.com https://github.com/external-secrets/external-secrets/issues/5690
    Issue Tracking
  • github.com https://github.com/external-secrets/external-secrets/pull/3895
    Issue Tracking
  • github.com https://github.com/external-secrets/external-secrets/releases/tag/v1.2.0
    Product / Release Notes
  • github.com https://github.com/external-secrets/external-secrets/security/advisories/GHSA-77v3-r3jw-j2v2
    Vendor Advisory

Remediation

  • github.com https://github.com/external-secrets/external-secrets/commit/17d3e22b8d3fbe339faf8515a95ec06ec92b1feb
    Patch