Package impact
Go / github.com/external-secrets/external-secrets
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-34984 | high | — | 8.0 | 2mo ago | External Secrets Operator has DNS-based secret exfiltration via getHostByName in External Secrets v2 template engine | |||
| CVE-2026-42875 | medium | — | 5.5 | 18d ago | External Secrets Operator has Namespace Isolation Bypass in CAProvider ConfigMap Resolution for SecretStore | |||
| CVE-2026-22822 | unknown | — | — | 4mo ago | External Secrets Operator insecurely retrieves secrets through the getSecretKey templating function in github.com/external-secrets/external-secrets | |||
| CVE-2025-55196 | unknown | — | — | 10mo ago | External Secrets Operator's Missing Namespace Restriction Allows Unauthorized Secret Access in github.com/external-secrets/external-secrets | |||
| CVE-2024-45041 | unknown | — | — | 2y ago | External Secrets Operator vulnerable to privilege escalation in github.com/external-secrets/external-secrets |