External-secrets External Secrets Operator — known CVE vulnerabilities
Every CVE whose affected-product data names External-secrets External Secrets Operator, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2024-36540 — CVSS 9.8 (critical): Insecure permissions in external-secrets v0.9.16 allows attackers to access sensitive data and escalate privileges by obtaining the service…
CVE-2026-22822 — CVSS 8.8 (high): External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Starting…
CVE-2024-45041 — CVSS 8.3 (high): External Secrets Operator is a Kubernetes operator that integrates external secret management systems. The external-secrets has a…
CVE-2026-34984 — CVSS 6.5 (medium): External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Versions…