VDB

CVE-2026-22728

CVE-2026-22728 PUBLISHED

Bitnami Sealed Secrets is vulnerable to a scope-widening attack during the secret rotation (/v1/rotate) flow. The rotation handler derives the sealing scope for the newly encrypted output from untrusted spec.template.metadata.annotations present in the input SealedSecret. By submitting a victim SealedSecret to the rotate endpoint with the annotation sealedsecrets.bitnami.com/cluster-wide=true injected into the template metadata, a remote attacker can obtain a rotated version of the secret that is cluster-wide. This bypasses original "strict" or "namespace-wide" constraints, allowing the attacker to retarget and unseal the secret in any namespace or under any name to recover the plaintext credentials.

EPSS 0.06% · 18.1th percentile

Risk Scores

EPSS Score
0.06%
18.1th percentile

Affected Products

VendorProductVersions
Bitnamisealed-secrets0
Bitnamisealed-secrets0

Timeline

  • Feb 26, 2026 CVE Published
  • Feb 26, 2026 EPSS Score
  • Feb 26, 2026 PoC Published
  • Feb 27, 2026 EPSS Score
  • Feb 27, 2026 PoC Published
  • Feb 27, 2026 PoC Published
  • Mar 1, 2026 EPSS Score
  • Mar 2, 2026 EPSS Score
  • Mar 4, 2026 EPSS Score
  • Mar 5, 2026 EPSS Score
  • Mar 7, 2026 EPSS Score
  • Mar 8, 2026 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›