{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-25T14:20:18.824","vulnerabilities":[{"cve":{"id":"CVE-2026-22728","sourceIdentifier":"security@vmware.com","published":"2026-02-26T02:16:20.187","lastModified":"2026-06-17T10:20:18.457","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Bitnami Sealed Secrets is vulnerable to a scope-widening attack during\nthe secret rotation (/v1/rotate) flow. The rotation handler derives the\nsealing scope for the newly encrypted output from untrusted\nspec.template.metadata.annotations present in the input SealedSecret.\nBy submitting a victim SealedSecret to the rotate endpoint with the\nannotation sealedsecrets.bitnami.com/cluster-wide=true injected into the\ntemplate metadata, a remote attacker can obtain a rotated version of the\nsecret that is cluster-wide. This bypasses original \"strict\" or\n\"namespace-wide\" constraints, allowing the attacker to retarget and unseal\nthe secret in any namespace or under any name to recover the plaintext\ncredentials."},{"lang":"es","value":"Bitnami Sealed Secrets es vulnerable a un ataque de ampliación de alcance durante el flujo de rotación de secretos (/v1/rotate). El gestor de rotación deriva el alcance de sellado para la salida recién cifrada de anotaciones no confiables spec.template.metadata.annotations presentes en el SealedSecret de entrada. Al enviar un SealedSecret víctima al endpoint de rotación con la anotación sealedsecrets.bitnami.com/cluster-wide=true inyectada en los metadatos de la plantilla, un atacante remoto puede obtener una versión rotada del secreto que es a nivel de clúster. Esto elude las restricciones originales 'strict' o 'namespace-wide', permitiendo al atacante reorientar y desellar el secreto en cualquier espacio de nombres o bajo cualquier nombre para recuperar las credenciales en texto plano."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Bitnami","product":"sealed-secrets","defaultStatus":"unaffected","versions":[{"version":"0.35.0","lessThan":"<0.36.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-02-26T15:58:00.603738Z","id":"CVE-2026-22728","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://github.com/bitnami-labs/sealed-secrets/security/advisories/GHSA-465p-v42x-3fmj","source":"security@vmware.com"}]}}]}