Sealed Secrets for Kubernetes: Rotate API Allows Scope Widening from Strict/Namespace-Wide to Cluster-Wide via Untrusted Template Annotations

Moderate severity GitHub Reviewed Published Feb 25, 2026 in bitnami-labs/sealed-secrets

Package

gomod github.com/bitnami-labs/sealed-secrets (Go)

Affected versions

< 0.36.0

Patched versions

0.36.0

Description

This report shows a scope-widening issue in the rotate (re-encrypt) flow: the output scope can be derived from untrusted spec.template.metadata.annotations on the input sealed secret.

If a victim sealed secret is strict- or namespace-scoped, an attacker who can submit it to the rotate endpoint can set sealedsecrets.bitnami.com/cluster-wide=true in the template metadata and receive a rotated sealed secret that is cluster-wide, enabling retargeting (metadata.name/metadata.namespace) and unsealing to recover the victim plaintext.

Relevant Links (Pinned)

Root Cause

The rotate flow unseals the input sealed secret to a Secret, then reseals using NewSealedSecret(..., secret).

Because SecretScope(secret) is computed from the annotations of that Secret, and unsealing copies spec.template metadata (including its annotations) onto the unsealed Secret, an attacker can choose the scope of the rotated output simply by mutating the template annotations on the rotate input.

Attack Path

  1. Attacker obtains a victim SealedSecret object (for example via read access to resources or logs) and can submit it to the controller rotate endpoint.
  2. Attacker sets spec.template.metadata.annotations.sealedsecrets.bitnami.com/cluster-wide=true (and optionally retargets name/namespace fields).
  3. Rotate returns a resealed, cluster-wide sealed secret that is no longer bound to the victim name/namespace.
  4. Attacker unseals the rotated output in their chosen namespace/name to recover the victim plaintext.

Proof of Concept

Setup + run:

unzip poc.zip -d poc
cd poc
make test

Canonical output (excerpt):

[CALLSITE_HIT]: pkg/apis/sealedsecrets/v1alpha1/sealedsecret_expansion.go:112 SecretScope
[PROOF_MARKER]: scope_widened=true rotated_scope=cluster-wide

Control output (excerpt):

[NC_MARKER]: scope_widened=false strict_scope_preserved=true

Fix Accepted When

Rotate preserves the original sealing scope and does not allow scope widening based on untrusted template metadata; strict or namespace-wide inputs cannot produce cluster-wide outputs.
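The root cause and the acceptance criterion above reduce to one rule: the output scope must come from the scope the input was sealed under, never from the template annotations. The following is an added example (not code from the sealed-secrets project) that contrasts the two; the annotation keys, the assumed reading of the original scope from the SealedSecret's own metadata.annotations, and all inputs are constructed for illustration.

```go
package main

import "fmt"

// Scope annotation keys: cluster-wide is named in the advisory; namespace-wide is assumed.
const (
	clusterWideAnnotation   = "sealedsecrets.bitnami.com/cluster-wide"
	namespaceWideAnnotation = "sealedsecrets.bitnami.com/namespace-wide"
)

// Scope is ordered so that a larger value means a wider sealing scope.
type Scope int

const (
	Strict Scope = iota
	NamespaceWide
	ClusterWide
)

var scopeNames = [...]string{"strict", "namespace-wide", "cluster-wide"}

// scopeFromAnnotations derives a scope from annotations. The vulnerable rotate flow
// runs this over the unsealed Secret, onto which the untrusted template was applied.
func scopeFromAnnotations(ann map[string]string) Scope {
	if ann[clusterWideAnnotation] == "true" {
		return ClusterWide
	}
	if ann[namespaceWideAnnotation] == "true" {
		return NamespaceWide
	}
	return Strict
}

// rotateScope is the hardened rule: keep the scope the input was sealed under (read
// from the SealedSecret's own metadata.annotations, an assumption) and reject widening.
func rotateScope(sealedAnn, templateAnn map[string]string) (Scope, error) {
	orig, req := scopeFromAnnotations(sealedAnn), scopeFromAnnotations(templateAnn)
	if req > orig {
		return orig, fmt.Errorf("rotate: refusing to widen scope from %s to %s",
			scopeNames[orig], scopeNames[req])
	}
	return orig, nil
}

func main() {
	tampered := map[string]string{clusterWideAnnotation: "true"} // constructed input
	_, err := rotateScope(map[string]string{}, tampered)         // strict-scoped victim
	fmt.Println(scopeNames[scopeFromAnnotations(tampered)], err)
}
```

The first printed value is what the template-derived path yields (cluster-wide); the error is what the hardened path returns for the same strict input, which is also a useful audit signal for a controller to log.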

poc.zip
PR_DESCRIPTION.md
attack_scenario.md

References

@agarcia-oss agarcia-oss published to bitnami-labs/sealed-secrets Feb 25, 2026
Published by the National Vulnerability Database Feb 26, 2026
Published to the GitHub Advisory Database Feb 26, 2026
Reviewed Feb 26, 2026

Severity

Moderate


CVSS v3 base metrics

Attack vector: Network
Attack complexity: Low
Privileges required: High
User interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

EPSS score

Exploit Prediction Scoring System (EPSS)

This score estimates the probability of this vulnerability being exploited within the next 30 days. Data provided by FIRST.
(11th percentile)

Weaknesses

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CVE ID

CVE-2026-22728

GHSA ID

GHSA-465p-v42x-3fmj

Credits
