Vulnerabilities in external-secrets
7 resultsCVE-2024-45041HIGHExternal Secrets Operator vulnerable to privilege escalationEPSS 0.6%CVE-2025-55196HIGHExternal Secrets Operator Missing Namespace Restriction in PushSecret and SecretStore List() Calls Allows Unauthorized Secret AccessEPSS 0.3%CVE-2025-62159HIGHExternal Secrets Operator's BeyondTrust Provider has Insecure Secret RetrievalEPSS 0.3%CVE-2026-34984HIGHExternal Secrets Operator has DNS exfiltration via getHostByName in its v2 template engineEPSS 0.3%CVE-2026-42875MEDIUMExternal Secrets Operator: Namespace Isolation Bypass in CAProvider ConfigMap Resolution for SecretStoreEPSS 0.2%CVE-2026-42876MEDIUMExternal Secrets Operator: Priviledge escalation with secret overwritingEPSS 0.2%CVE-2026-22822CRITICALExternal Secrets Operator insecurely retrieves secrets through the getSecretKey templating functionEPSS 0.2%