CVE-2026-42875

Source
https://cve.org/CVERecord?id=CVE-2026-42875
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-42875.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-42875
Aliases
Downstream
Related
Published
2026-05-11T18:56:34.097Z
Modified
2026-07-15T01:49:07.744392016Z
Severity
  • 5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N CVSS Calculator
Summary
External Secrets Operator: Namespace Isolation Bypass in CAProvider ConfigMap Resolution for SecretStore
Details

External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Prior to 2.4.0, Namespaced SecretStore resources that used CAProvider with type ConfigMap could resolve CA material from another namespace when caProvider.namespace was set. This bypassed the namespace boundary enforced for SecretStore-backed references in providers that rely on the shared runtime CA resolver. This vulnerability is fixed in 2.4.0.

Database specific
{
    "cwe_ids": [
        "CWE-285",
        "CWE-668"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/42xxx/CVE-2026-42875.json",
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/external-secrets/external-secrets

Affected ranges

Type
GIT
Repo
https://github.com/external-secrets/external-secrets
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.4.0"
        }
    ],
    "source": "AFFECTED_FIELD"
}

Affected versions

helm-chart-0.*
helm-chart-0.1.1
helm-chart-0.1.2
helm-chart-0.1.3
helm-chart-0.1.4
helm-chart-0.10.0
helm-chart-0.10.1
helm-chart-0.10.2
helm-chart-0.10.6
helm-chart-0.14.1
helm-chart-0.14.2
helm-chart-0.15.1
helm-chart-0.16.0
helm-chart-0.17.0
helm-chart-0.18.0-rc1
helm-chart-0.19.2
helm-chart-0.2.0
helm-chart-0.2.1
helm-chart-0.2.2
helm-chart-0.2.3
helm-chart-0.20.1
helm-chart-0.20.2
helm-chart-0.20.3
helm-chart-0.20.4
helm-chart-0.3.0
helm-chart-0.3.1
helm-chart-0.3.10
helm-chart-0.3.11
helm-chart-0.3.2
helm-chart-0.3.3
helm-chart-0.3.4
helm-chart-0.3.5
helm-chart-0.3.6
helm-chart-0.3.7
helm-chart-0.3.8
helm-chart-0.3.9
helm-chart-0.4.0
helm-chart-0.4.1
helm-chart-0.4.2
helm-chart-0.4.3
helm-chart-0.4.4
helm-chart-0.5.0
helm-chart-0.5.1
helm-chart-0.5.2
helm-chart-0.5.3
helm-chart-0.5.4
helm-chart-0.5.5
helm-chart-0.5.6
helm-chart-0.5.7
helm-chart-0.5.8
helm-chart-0.5.9
helm-chart-0.6.0
helm-chart-0.6.0-rc1
helm-chart-0.6.1
helm-chart-0.7.0
helm-chart-0.7.0-rc1
helm-chart-0.7.1
helm-chart-0.7.2
helm-chart-0.8.0
helm-chart-0.8.1
helm-chart-0.8.2
helm-chart-0.8.3
helm-chart-0.9.0
helm-chart-0.9.1
helm-chart-0.9.10
helm-chart-0.9.11
helm-chart-0.9.12
helm-chart-0.9.13
helm-chart-0.9.14
helm-chart-0.9.15-2
helm-chart-0.9.16
helm-chart-0.9.17
helm-chart-0.9.18
helm-chart-0.9.19
helm-chart-0.9.2
helm-chart-0.9.20
helm-chart-0.9.3
helm-chart-0.9.4
helm-chart-0.9.5
helm-chart-0.9.6
helm-chart-0.9.7
helm-chart-0.9.8
helm-chart-0.9.9
helm-chart-1.*
helm-chart-1.0.0
helm-chart-1.1.0
helm-chart-1.1.1
helm-chart-1.2.0
helm-chart-1.2.1
helm-chart-1.3.1
helm-chart-1.3.2
helm-chart-2.*
helm-chart-2.0.0
helm-chart-2.0.1
helm-chart-2.1.0
helm-chart-2.2.0
helm-chart-2.3.0
v.*
v.0.3.6
v0.*
v0.1.0
v0.1.0-esoctl
v0.1.0-render
v0.1.2
v0.1.3
v0.1.4
v0.10.0
v0.10.1
v0.10.2
v0.10.3
v0.10.4
v0.10.5
v0.10.6
v0.10.7
v0.11.0
v0.12.0
v0.12.1
v0.13.0
v0.14.0
v0.14.1
v0.14.2
v0.14.3
v0.14.4
v0.15.0
v0.15.1
v0.16.0
v0.16.1
v0.16.2
v0.17.0
v0.17.1-rc1
v0.18.0
v0.18.0-rc1
v0.18.1
v0.18.2
v0.19.0
v0.19.1
v0.19.2
v0.2.0
v0.2.0-esoctl
v0.2.1
v0.2.1-esoctl
v0.2.2
v0.2.3
v0.20.0
v0.20.1
v0.20.2
v0.20.3
v0.20.4
v0.3.0
v0.3.1
v0.3.10
v0.3.11
v0.3.2
v0.3.3
v0.3.4
v0.3.5
v0.3.6
v0.3.7
v0.3.8
v0.3.9
v0.4.0
v0.4.1
v0.4.2
v0.4.3
v0.4.4
v0.5.0
v0.5.1
v0.5.2
v0.5.3
v0.5.4
v0.5.5
v0.5.6
v0.5.7
v0.5.8
v0.5.9
v0.6.0
v0.6.0-rc1
v0.6.1
v0.7.0
v0.7.0-rc1
v0.7.1
v0.7.2
v0.7.3
v0.8.0
v0.8.1
v0.8.2
v0.8.3
v0.9.0
v0.9.1
v0.9.10
v0.9.11
v0.9.12
v0.9.13
v0.9.14
v0.9.15
v0.9.15-2
v0.9.16
v0.9.17
v0.9.18
v0.9.19
v0.9.2
v0.9.20
v0.9.3
v0.9.4
v0.9.5
v0.9.6
v0.9.7
v0.9.8
v0.9.9
v1.*
v1.0.0
v1.1.0
v1.1.1
v1.2.0
v1.2.1
v1.3.0
v1.3.1
v1.3.2
v2.*
v2.0.0
v2.0.1
v2.1.0
v2.2.0
v2.3.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-42875.json"