External-secrets External_secrets_operator
4 CVEs affecting External-secrets External_secrets_operator. Latest disclosed: 2026-04-14. Critical: 1, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-36540 | Critical | 9.8 | 2024-07-24 | Insecure permissions in external-secrets v0.9.16 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token. |
CVE-2026-22822 | High | 8.8 | 2026-01-21 | External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Starting in version 0.20.2… |
CVE-2024-45041 | High | 8.3 | 2024-09-09 | External Secrets Operator is a Kubernetes operator that integrates external secret management systems. The external-secrets has a deployment called default-ext… |
CVE-2026-34984 | Medium | 6.5 | 2026-04-14 | External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Versions 2.2.0 and below con… |