PT-2026-22072 · Bitnami · Bitnami Sealed Secrets

1Seal · Published 2026-02-26 · Updated 2026-03-25 · CVE-2026-22728

CVSS v3.1: 4.9 (Medium)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Bitnami Sealed Secrets (affected versions not specified)

Description

Bitnami Sealed Secrets is susceptible to a scope-widening attack during the secret rotation process via the /v1/rotate API endpoint. The rotation handler uses untrusted data from spec.template.metadata.annotations within the input SealedSecret to determine the sealing scope for the rotated output. An attacker can exploit this by injecting the annotation sealedsecrets.bitnami.com/cluster-wide=true into the template metadata of a submitted SealedSecret. This allows the attacker to obtain a rotated, cluster-wide version of the secret, bypassing original scope restrictions and enabling them to unseal the secret in any namespace or under any name, potentially recovering plaintext credentials.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
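A review-time check for the scope widening described above, as an added example (not code from this advisory or from the Sealed Secrets project): it compares a rotated SealedSecret, exported as JSON, against a trusted copy such as the committed manifest and reports any wider scope. The function names, the sample manifests and the choice of baseline are assumptions; the namespace-wide annotation key is the project's other scope annotation and is not named on this page.

```go
package main

import (
	"encoding/json"
	"fmt"
)

const clusterWide = "sealedsecrets.bitnami.com/cluster-wide" // key named in the advisory
const namespaceWide = "sealedsecrets.bitnami.com/namespace-wide"

type objMeta struct{ Annotations map[string]string }

// rank returns the widest scope any block claims: 0 strict, 1 namespace-wide, 2 cluster-wide.
func rank(metas ...objMeta) (r int) {
	for _, m := range metas {
		switch {
		case m.Annotations[clusterWide] == "true":
			return 2
		case m.Annotations[namespaceWide] == "true":
			r = 1
		}
	}
	return r
}

// EffectiveScope counts spec.template.metadata as well as the object's own metadata.
func EffectiveScope(doc []byte) (int, error) {
	var s struct {
		Metadata objMeta
		Spec     struct{ Template struct{ Metadata objMeta } }
	}
	err := json.Unmarshal(doc, &s)
	return rank(s.Metadata, s.Spec.Template.Metadata), err
}

// ScopeWidened reports whether candidate claims a wider scope than the trusted copy.
func ScopeWidened(trusted, candidate []byte) (bool, error) {
	before, err := EffectiveScope(trusted)
	if err != nil {
		return false, err
	}
	after, err := EffectiveScope(candidate)
	return err == nil && after > before, err
}

func main() { // constructed manifests: committed copy vs. rotated copy under review
	trusted := []byte(`{"metadata":{"name":"db","namespace":"prod"},"spec":{"template":{"metadata":{}}}}`)
	rotated := []byte(`{"metadata":{"name":"db","namespace":"prod"},"spec":{"template":{"metadata":{"annotations":{"sealedsecrets.bitnami.com/cluster-wide":"true"}}}}}`)
	fmt.Println(ScopeWidened(trusted, rotated)) // true <nil>
}
```

The baseline has to come from a source the submitter cannot edit, because the submitted object's own metadata is as untrusted as its template.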

Improper Access Control


Weakness Enumeration

Related Identifiers

BIT-SEALED-SECRETS-2026-22728
CVE-2026-22728
GHSA-465P-V42X-3FMJ
GO-2026-4565
SUSE-SU-2026:1042-1

Affected Products

Bitnami Sealed Secrets