← volver
CVE-2026-42875

External Secrets Operator: Namespace Isolation Bypass in CAProvider ConfigMap Resolution for SecretStore

CVSS 5.3 MEDIUMEPSS 0.2%CWE-285CWE-668
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 5.3EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
11 may 2026Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Prior to 2.4.0, Namespaced SecretStore resources that used CAProvider with type ConfigMap could resolve CA material from another namespace when caProvider.namespace was set. This bypassed the namespace boundary enforced for SecretStore-backed references in providers that rely on the shared runtime CA resolver. This vulnerability is fixed in 2.4.0.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Productos afectados
external-secrets · external-secrets

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/external-secrets/external-secrets/security/advisories/GHSA-wv26-88m5-6h59