{"id":"GO-2026-4565","summary":"Sealed Secrets for Kubernetes: Rotate API Allows Scope Widening from Strict/Namespace-Wide to Cluster-Wide via Untrusted Template Annotations in github.com/bitnami-labs/sealed-secrets","details":"Sealed Secrets for Kubernetes: Rotate API Allows Scope Widening from Strict/Namespace-Wide to Cluster-Wide via Untrusted Template Annotations in github.com/bitnami-labs/sealed-secrets","aliases":["BIT-sealed-secrets-2026-22728","CVE-2026-22728","GHSA-465p-v42x-3fmj"],"modified":"2026-03-23T05:11:29.088441577Z","published":"2026-03-10T18:28:01Z","related":["CGA-4jv9-3xgw-ggfc"],"database_specific":{"review_status":"UNREVIEWED","url":"https://pkg.go.dev/vuln/GO-2026-4565"},"references":[{"type":"ADVISORY","url":"https://github.com/bitnami-labs/sealed-secrets/security/advisories/GHSA-465p-v42x-3fmj"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22728"},{"type":"FIX","url":"https://github.com/bitnami-labs/sealed-secrets/commit/d57ee4a8357d250e602b995399b525496ab688c1"},{"type":"WEB","url":"https://github.com/bitnami-labs/sealed-secrets/releases/tag/v0.36.0"}],"affected":[{"package":{"name":"github.com/bitnami-labs/sealed-secrets","ecosystem":"Go","purl":"pkg:golang/github.com/bitnami-labs/sealed-secrets"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.36.0"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2026-4565.json"}}],"schema_version":"1.7.5"}