Aiven Operator has cross-namespace secret exfiltration via ClickhouseUser connInfoSecretSource in github.com/aiven/aiven-operator
{ "review_status": "UNREVIEWED", "url": "https://pkg.go.dev/vuln/GO-2026-5283" }
"https://vuln.go.dev/ID/GO-2026-5283.json"