Vulnerability-Lookup

CVE-2026-22728 (GCVE-0-2026-22728)

Vulnerability from cvelistv5 – Published: 2026-02-26 00:50 – Updated: 2026-02-26 15:58

Title

sealed-secrets /v1/rotate can widen sealing scope to cluster-wide via attacker-controlled template annotations

Summary

Bitnami Sealed Secrets is vulnerable to a scope-widening attack during the secret rotation (/v1/rotate) flow. The rotation handler derives the sealing scope for the newly encrypted output from untrusted spec.template.metadata.annotations present in the input SealedSecret. By submitting a victim SealedSecret to the rotate endpoint with the annotation sealedsecrets.bitnami.com/cluster-wide=true injected into the template metadata, a remote attacker can obtain a rotated version of the secret that is cluster-wide. This bypasses original "strict" or "namespace-wide" constraints, allowing the attacker to retarget and unseal the secret in any namespace or under any name to recover the plaintext credentials.

Severity ?

4.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-284

Assigner

vmware

References

URL

Tags

https://github.com/bitnami-labs/sealed-secrets/se…

Impacted products

	Vendor	Product	Version
	Bitnami	sealed-secrets	Affected: 0.35.0 , < <0.36.0 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22728",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-26T15:58:00.603738Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T15:58:32.372Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "sealed-secrets",
          "vendor": "Bitnami",
          "versions": [
            {
              "lessThan": "\u003c0.36.0",
              "status": "affected",
              "version": "0.35.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(241, 242, 244);\"\u003eBitnami \u003c/span\u003e\u003cb\u003eSealed Secrets\u003c/b\u003e\u003cspan style=\"background-color: rgb(241, 242, 244);\"\u003e\u0026nbsp;is vulnerable to a scope-widening attack during\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(241, 242, 244);\"\u003ethe secret rotation (/v1/rotate) flow. The rotation handler derives the\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(241, 242, 244);\"\u003esealing scope for the newly encrypted output from untrusted\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(241, 242, 244);\"\u003espec.template.metadata.annotations present in the input SealedSecret.\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(241, 242, 244);\"\u003eBy submitting a victim SealedSecret to the rotate endpoint with the\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(241, 242, 244);\"\u003eannotation sealedsecrets.bitnami.com/cluster-wide=true injected into the\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(241, 242, 244);\"\u003etemplate metadata, a remote attacker can obtain a rotated version of the\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(241, 242, 244);\"\u003esecret that is cluster-wide. This bypasses original \"strict\" or\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(241, 242, 244);\"\u003e\"namespace-wide\" constraints, allowing the attacker to retarget and unseal\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(241, 242, 244);\"\u003ethe secret in any namespace or under any name to recover the plaintext\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(241, 242, 244);\"\u003ecredentials.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "Bitnami Sealed Secrets\u00a0is vulnerable to a scope-widening attack during\nthe secret rotation (/v1/rotate) flow. The rotation handler derives the\nsealing scope for the newly encrypted output from untrusted\nspec.template.metadata.annotations present in the input SealedSecret.\nBy submitting a victim SealedSecret to the rotate endpoint with the\nannotation sealedsecrets.bitnami.com/cluster-wide=true injected into the\ntemplate metadata, a remote attacker can obtain a rotated version of the\nsecret that is cluster-wide. This bypasses original \"strict\" or\n\"namespace-wide\" constraints, allowing the attacker to retarget and unseal\nthe secret in any namespace or under any name to recover the plaintext\ncredentials."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-26T00:50:00.863Z",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "url": "https://github.com/bitnami-labs/sealed-secrets/security/advisories/GHSA-465p-v42x-3fmj"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "sealed-secrets /v1/rotate can widen sealing scope to cluster-wide via attacker-controlled template annotations",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2026-22728",
    "datePublished": "2026-02-26T00:50:00.863Z",
    "dateReserved": "2026-01-09T06:54:41.497Z",
    "dateUpdated": "2026-02-26T15:58:32.372Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-22728\",\"sourceIdentifier\":\"security@vmware.com\",\"published\":\"2026-02-26T02:16:20.187\",\"lastModified\":\"2026-02-27T14:06:59.787\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Bitnami Sealed Secrets\u00a0is vulnerable to a scope-widening attack during\\nthe secret rotation (/v1/rotate) flow. The rotation handler derives the\\nsealing scope for the newly encrypted output from untrusted\\nspec.template.metadata.annotations present in the input SealedSecret.\\nBy submitting a victim SealedSecret to the rotate endpoint with the\\nannotation sealedsecrets.bitnami.com/cluster-wide=true injected into the\\ntemplate metadata, a remote attacker can obtain a rotated version of the\\nsecret that is cluster-wide. This bypasses original \\\"strict\\\" or\\n\\\"namespace-wide\\\" constraints, allowing the attacker to retarget and unseal\\nthe secret in any namespace or under any name to recover the plaintext\\ncredentials.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@vmware.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":4.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.2,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security@vmware.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]}],\"references\":[{\"url\":\"https://github.com/bitnami-labs/sealed-secrets/security/advisories/GHSA-465p-v42x-3fmj\",\"source\":\"security@vmware.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-22728\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-02-26T15:58:00.603738Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-02-26T15:58:19.231Z\"}}], \"cna\": {\"title\": \"sealed-secrets /v1/rotate can widen sealing scope to cluster-wide via attacker-controlled template annotations\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.9, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Bitnami\", \"product\": \"sealed-secrets\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.35.0\", \"lessThan\": \"\u003c0.36.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://github.com/bitnami-labs/sealed-secrets/security/advisories/GHSA-465p-v42x-3fmj\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.5.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Bitnami Sealed Secrets\\u00a0is vulnerable to a scope-widening attack during\\nthe secret rotation (/v1/rotate) flow. The rotation handler derives the\\nsealing scope for the newly encrypted output from untrusted\\nspec.template.metadata.annotations present in the input SealedSecret.\\nBy submitting a victim SealedSecret to the rotate endpoint with the\\nannotation sealedsecrets.bitnami.com/cluster-wide=true injected into the\\ntemplate metadata, a remote attacker can obtain a rotated version of the\\nsecret that is cluster-wide. This bypasses original \\\"strict\\\" or\\n\\\"namespace-wide\\\" constraints, allowing the attacker to retarget and unseal\\nthe secret in any namespace or under any name to recover the plaintext\\ncredentials.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(241, 242, 244);\\\"\u003eBitnami \u003c/span\u003e\u003cb\u003eSealed Secrets\u003c/b\u003e\u003cspan style=\\\"background-color: rgb(241, 242, 244);\\\"\u003e\u0026nbsp;is vulnerable to a scope-widening attack during\u003c/span\u003e\u003cbr\u003e\u003cspan style=\\\"background-color: rgb(241, 242, 244);\\\"\u003ethe secret rotation (/v1/rotate) flow. The rotation handler derives the\u003c/span\u003e\u003cbr\u003e\u003cspan style=\\\"background-color: rgb(241, 242, 244);\\\"\u003esealing scope for the newly encrypted output from untrusted\u003c/span\u003e\u003cbr\u003e\u003cspan style=\\\"background-color: rgb(241, 242, 244);\\\"\u003espec.template.metadata.annotations present in the input SealedSecret.\u003c/span\u003e\u003cbr\u003e\u003cspan style=\\\"background-color: rgb(241, 242, 244);\\\"\u003eBy submitting a victim SealedSecret to the rotate endpoint with the\u003c/span\u003e\u003cbr\u003e\u003cspan style=\\\"background-color: rgb(241, 242, 244);\\\"\u003eannotation sealedsecrets.bitnami.com/cluster-wide=true injected into the\u003c/span\u003e\u003cbr\u003e\u003cspan style=\\\"background-color: rgb(241, 242, 244);\\\"\u003etemplate metadata, a remote attacker can obtain a rotated version of the\u003c/span\u003e\u003cbr\u003e\u003cspan style=\\\"background-color: rgb(241, 242, 244);\\\"\u003esecret that is cluster-wide. This bypasses original \\\"strict\\\" or\u003c/span\u003e\u003cbr\u003e\u003cspan style=\\\"background-color: rgb(241, 242, 244);\\\"\u003e\\\"namespace-wide\\\" constraints, allowing the attacker to retarget and unseal\u003c/span\u003e\u003cbr\u003e\u003cspan style=\\\"background-color: rgb(241, 242, 244);\\\"\u003ethe secret in any namespace or under any name to recover the plaintext\u003c/span\u003e\u003cbr\u003e\u003cspan style=\\\"background-color: rgb(241, 242, 244);\\\"\u003ecredentials.\u003c/span\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-284\", \"description\": \"CWE-284\"}]}], \"providerMetadata\": {\"orgId\": \"dcf2e128-44bd-42ed-91e8-88f912c1401d\", \"shortName\": \"vmware\", \"dateUpdated\": \"2026-02-26T00:50:00.863Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-22728\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-26T15:58:32.372Z\", \"dateReserved\": \"2026-01-09T06:54:41.497Z\", \"assignerOrgId\": \"dcf2e128-44bd-42ed-91e8-88f912c1401d\", \"datePublished\": \"2026-02-26T00:50:00.863Z\", \"assignerShortName\": \"vmware\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

FKIE_CVE-2026-22728

Vulnerability from fkie_nvd - Published: 2026-02-26 02:16 - Updated: 2026-02-27 14:06

Severity ?

4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Summary

References

	URL	Tags
	security@vmware.com	https://github.com/bitnami-labs/sealed-secrets/security/advisories/GHSA-465p-v42x-3fmj

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Bitnami Sealed Secrets\u00a0is vulnerable to a scope-widening attack during\nthe secret rotation (/v1/rotate) flow. The rotation handler derives the\nsealing scope for the newly encrypted output from untrusted\nspec.template.metadata.annotations present in the input SealedSecret.\nBy submitting a victim SealedSecret to the rotate endpoint with the\nannotation sealedsecrets.bitnami.com/cluster-wide=true injected into the\ntemplate metadata, a remote attacker can obtain a rotated version of the\nsecret that is cluster-wide. This bypasses original \"strict\" or\n\"namespace-wide\" constraints, allowing the attacker to retarget and unseal\nthe secret in any namespace or under any name to recover the plaintext\ncredentials."
    }
  ],
  "id": "CVE-2026-22728",
  "lastModified": "2026-02-27T14:06:59.787",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.6,
        "source": "security@vmware.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-02-26T02:16:20.187",
  "references": [
    {
      "source": "security@vmware.com",
      "url": "https://github.com/bitnami-labs/sealed-secrets/security/advisories/GHSA-465p-v42x-3fmj"
    }
  ],
  "sourceIdentifier": "security@vmware.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "security@vmware.com",
      "type": "Secondary"
    }
  ]
}

GHSA-465P-V42X-3FMJ

Vulnerability from github – Published: 2026-02-26 22:49 – Updated: 2026-02-26 22:49

Summary

Sealed Secrets for Kubernetes: Rotate API Allows Scope Widening from Strict/Namespace-Wide to Cluster-Wide via Untrusted Template Annotations

Details

This report shows a scope-widening issue in the rotate (re-encrypt) flow: the output scope can be derived from untrusted spec.template.metadata.annotations on the input sealed secret.

If a victim sealed secret is strict- or namespace-scoped, an attacker who can submit it to the rotate endpoint can set sealedsecrets.bitnami.com/cluster-wide=true in the template metadata and receive a rotated sealed secret that is cluster-wide, enabling retargeting (metadata.name/metadata.namespace) and unsealing to recover the victim plaintext.

Relevant Links (Pinned)

Rotate handler uses NewSealedSecret(..., secret) after unsealing: https://github.com/bitnami-labs/sealed-secrets/blob/946bc048f3407117c837da6e4300686522d4c4eb/pkg/controller/controller.go#L560-L606
Scope derivation reads secret annotations (SecretScope): https://github.com/bitnami-labs/sealed-secrets/blob/946bc048f3407117c837da6e4300686522d4c4eb/pkg/apis/sealedsecrets/v1alpha1/sealedsecret_expansion.go#L112-L122

Root Cause

The rotate flow unseals the input sealed secret to a Secret, then reseals using NewSealedSecret(..., secret).

Because SecretScope(secret) is computed from secret annotations, and unsealing applies spec.template metadata onto the unsealed secret, an attacker can influence the scope of the rotated output by mutating template annotations on the rotate input.

Attack Path

Attacker obtains a victim SealedSecret object (for example via read access to resources or logs) and can submit it to the controller rotate endpoint.
Attacker sets spec.template.metadata.annotations.sealedsecrets.bitnami.com/cluster-wide=true (and optionally retargets name/namespace fields).
Rotate returns a resealed, cluster-wide sealed secret that is no longer bound to the victim name/namespace.
Attacker unseals the rotated output in their chosen namespace/name to recover the victim plaintext.

Proof of Concept

Setup + run:

unzip poc.zip -d poc
cd poc
make test

Canonical output (excerpt):

[CALLSITE_HIT]: pkg/apis/sealedsecrets/v1alpha1/sealedsecret_expansion.go:112 SecretScope
[PROOF_MARKER]: scope_widened=true rotated_scope=cluster-wide

Control output (excerpt):

[NC_MARKER]: scope_widened=false strict_scope_preserved=true

Fix Accepted When

Rotate preserves the original sealing scope and does not allow scope widening based on untrusted template metadata; strict or namespace-wide inputs cannot produce cluster-wide outputs.

poc.zip PR_DESCRIPTION.md attack_scenario.md

Severity ?

4.9 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/bitnami-labs/sealed-secrets"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.36.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-22728"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-02-26T22:49:14Z",
    "nvd_published_at": "2026-02-26T02:16:20Z",
    "severity": "MODERATE"
  },
  "details": "This report shows a scope-widening issue in the rotate (re-encrypt) flow: the output scope can be derived from untrusted `spec.template.metadata.annotations` on the input sealed secret.\n\nIf a victim sealed secret is strict- or namespace-scoped, an attacker who can submit it to the rotate endpoint can set `sealedsecrets.bitnami.com/cluster-wide=true` in the template metadata and receive a rotated sealed secret that is cluster-wide, enabling retargeting (`metadata.name`/`metadata.namespace`) and unsealing to recover the victim plaintext.\n\n## Relevant Links (Pinned)\n\n- Rotate handler uses `NewSealedSecret(..., secret)` after unsealing: https://github.com/bitnami-labs/sealed-secrets/blob/946bc048f3407117c837da6e4300686522d4c4eb/pkg/controller/controller.go#L560-L606\n- Scope derivation reads secret annotations (`SecretScope`): https://github.com/bitnami-labs/sealed-secrets/blob/946bc048f3407117c837da6e4300686522d4c4eb/pkg/apis/sealedsecrets/v1alpha1/sealedsecret_expansion.go#L112-L122\n\n## Root Cause\n\nThe rotate flow unseals the input sealed secret to a `Secret`, then reseals using `NewSealedSecret(..., secret)`.\n\nBecause `SecretScope(secret)` is computed from secret annotations, and unsealing applies `spec.template` metadata onto the unsealed secret, an attacker can influence the scope of the rotated output by mutating template annotations on the rotate input.\n\n## Attack Path\n\n1. Attacker obtains a victim `SealedSecret` object (for example via read access to resources or logs) and can submit it to the controller rotate endpoint.\n2. Attacker sets `spec.template.metadata.annotations.sealedsecrets.bitnami.com/cluster-wide=true` (and optionally retargets name/namespace fields).\n3. Rotate returns a resealed, cluster-wide sealed secret that is no longer bound to the victim name/namespace.\n4. Attacker unseals the rotated output in their chosen namespace/name to recover the victim plaintext.\n\n## Proof of Concept\n\nSetup + run:\n\n```bash\nunzip poc.zip -d poc\ncd poc\nmake test\n```\n\nCanonical output (excerpt):\n\n```\n[CALLSITE_HIT]: pkg/apis/sealedsecrets/v1alpha1/sealedsecret_expansion.go:112 SecretScope\n[PROOF_MARKER]: scope_widened=true rotated_scope=cluster-wide\n```\n\nControl output (excerpt):\n\n```\n[NC_MARKER]: scope_widened=false strict_scope_preserved=true\n```\n\n## Fix Accepted When\n\nRotate preserves the original sealing scope and does not allow scope widening based on untrusted template metadata; strict or namespace-wide inputs cannot produce cluster-wide outputs.\n\n[poc.zip](https://github.com/user-attachments/files/25080027/poc.zip)\n[PR_DESCRIPTION.md](https://github.com/user-attachments/files/25080028/PR_DESCRIPTION.md)\n[attack_scenario.md](https://github.com/user-attachments/files/25080029/attack_scenario.md)",
  "id": "GHSA-465p-v42x-3fmj",
  "modified": "2026-02-26T22:49:14Z",
  "published": "2026-02-26T22:49:14Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/bitnami-labs/sealed-secrets/security/advisories/GHSA-465p-v42x-3fmj"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22728"
    },
    {
      "type": "WEB",
      "url": "https://github.com/bitnami-labs/sealed-secrets/commit/d57ee4a8357d250e602b995399b525496ab688c1"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/bitnami-labs/sealed-secrets"
    },
    {
      "type": "WEB",
      "url": "https://github.com/bitnami-labs/sealed-secrets/releases/tag/v0.36.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Sealed Secrets for Kubernetes: Rotate API Allows Scope Widening from Strict/Namespace-Wide to Cluster-Wide via Untrusted Template Annotations"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-22728 (GCVE-0-2026-22728)

FKIE_CVE-2026-22728

GHSA-465P-V42X-3FMJ

Relevant Links (Pinned)

Root Cause

Attack Path

Proof of Concept

Fix Accepted When

Tags

Sightings

Nomenclature