Auth bypass in External-secrets
CVE-2026-42875
External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Prior to 2.4.0, Namespaced SecretStore resources that used CAProvider with type ConfigMap could resolve CA m…
EPSS: 0.000 (13.5th percentile) — read the EPSS interpretation.
Affected products
- External-secrets — versions < 2.4.0
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)