
CVE-2025-55196: External Secrets Operator Vulnerability

CVE-2025-55196 is an information disclosure vulnerability in External Secrets Operator that allows attackers to bypass namespace restrictions and access secrets cluster-wide. This article covers technical details, affected versions, impact, and mitigation strategies.

Published: May 26, 2026

CVE-2025-55196 Overview

CVE-2025-55196 is a broken access control vulnerability [CWE-284] in External Secrets Operator (ESO), a Kubernetes operator that integrates external secret management systems with cluster workloads. The PushSecret controller invokes List() calls against Secret and SecretStore resources without applying a namespace selector. Attackers with permissions to create or update PushSecret resources and control SecretStore configurations can use label selectors to enumerate and read secrets across the entire cluster. The flaw affects versions from 0.15.0 up to, but not including, 0.19.2. Successful exploitation enables full disclosure of Kubernetes secrets, including credentials and API tokens stored in arbitrary namespaces.

Critical Impact

An authenticated tenant with PushSecret privileges can exfiltrate cluster-wide secrets, bypassing Kubernetes namespace isolation boundaries.

Affected Products

  • External Secrets Operator versions 0.15.0 through 0.19.1
  • Kubernetes clusters running the ESO PushSecret controller
  • Multi-tenant clusters relying on namespace-scoped RBAC for secret isolation

Discovery Timeline

  • 2025-08-13 - CVE-2025-55196 published to NVD
  • 2026-04-15 - Last updated in NVD database

Technical Details for CVE-2025-55196

Vulnerability Analysis

The External Secrets Operator synchronizes secrets between Kubernetes and external providers such as AWS Secrets Manager, HashiCorp Vault, and GCP Secret Manager. The PushSecret custom resource directs ESO to take a Kubernetes Secret and push it outward to an external store. To resolve which secrets to push, the controller issues List() operations against the Kubernetes API.

In versions 0.15.0 to 0.19.1, these List() calls omitted a namespace selector. The controller therefore searched across all namespaces rather than restricting the query to the namespace owning the PushSecret resource. The label selectors supplied in the PushSecret spec then matched secrets cluster-wide.

This behavior breaks the namespace boundary that operators commonly use to isolate tenant workloads. The CVSS 4.0 vector indicates a network attack vector, low privileges required, high confidentiality impact, and no user interaction required.

Root Cause

The root cause is missing access control enforcement [CWE-284] in the controller's resource enumeration logic. The list selector did not pass client.InNamespace(pushSecret.Namespace) to the controller-runtime client. The reconciler trusted the requester's label selector without scoping the query to the resource's own namespace.
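To make the scoping defect concrete, the following is an added example, not ESO's code and not controller-runtime itself. It models the two controller-runtime list options that matter here (a namespace restriction and a label selector) against an in-memory client: VulnerableResolve reproduces the unscoped List() call, FixedResolve adds the equivalent of client.InNamespace(pushSecret.Namespace), and CrossNamespaceLeak reports what the unscoped path would have returned from other namespaces, which is the check an audit of existing PushSecret selectors needs. The Secret, PushSecret and FakeClient types and the sample cluster are constructed for illustration.

```go
package main

import (
	"fmt"
	"sort"
)

// Secret is a minimal stand-in for a Kubernetes Secret: only the fields
// relevant to list scoping (namespace, name, labels) are modelled.
type Secret struct {
	Namespace string
	Name      string
	Labels    map[string]string
}

// ListOptions mirrors the two controller-runtime list options used here.
type ListOptions struct {
	Namespace string            // "" means "all namespaces"
	Labels    map[string]string // every key/value pair must match
}

// ListOption mutates ListOptions, in the spirit of controller-runtime's client.ListOption.
type ListOption func(*ListOptions)

// InNamespace restricts a list to one namespace (stand-in for client.InNamespace).
func InNamespace(ns string) ListOption {
	return func(o *ListOptions) { o.Namespace = ns }
}

// MatchingLabels restricts a list by label selector (stand-in for client.MatchingLabels).
func MatchingLabels(l map[string]string) ListOption {
	return func(o *ListOptions) { o.Labels = l }
}

// FakeClient is an in-memory stand-in for the API server (constructed, not controller-runtime).
type FakeClient struct{ Secrets []Secret }

// List returns "namespace/name" for every secret matching the options.
// With no namespace option the query is cluster-wide, which is the bug.
func (c *FakeClient) List(opts ...ListOption) []string {
	var o ListOptions
	for _, opt := range opts {
		opt(&o)
	}
	var out []string
	for _, s := range c.Secrets {
		if o.Namespace != "" && s.Namespace != o.Namespace {
			continue
		}
		if !labelsMatch(s.Labels, o.Labels) {
			continue
		}
		out = append(out, s.Namespace+"/"+s.Name)
	}
	sort.Strings(out)
	return out
}

func labelsMatch(have, want map[string]string) bool {
	for k, v := range want {
		if have[k] != v {
			return false
		}
	}
	return true
}

// PushSecret models the spec fields relevant here: the owning namespace and the selector.
type PushSecret struct {
	Namespace string
	Selector  map[string]string
}

// VulnerableResolve reproduces the pre-0.19.2 behaviour: the selector is trusted, no namespace scope.
func VulnerableResolve(c *FakeClient, ps PushSecret) []string {
	return c.List(MatchingLabels(ps.Selector))
}

// FixedResolve scopes the list to the PushSecret's own namespace, the shape of the 0.19.2 fix.
func FixedResolve(c *FakeClient, ps PushSecret) []string {
	return c.List(InNamespace(ps.Namespace), MatchingLabels(ps.Selector))
}

// CrossNamespaceLeak returns secrets the unscoped path would expose outside the PushSecret's namespace.
func CrossNamespaceLeak(c *FakeClient, ps PushSecret) []string {
	own := map[string]bool{}
	for _, s := range FixedResolve(c, ps) {
		own[s] = true
	}
	var leak []string
	for _, s := range VulnerableResolve(c, ps) {
		if !own[s] {
			leak = append(leak, s)
		}
	}
	return leak
}

// SampleCluster is constructed data: tenants that happen to label secrets identically.
func SampleCluster() *FakeClient {
	return &FakeClient{Secrets: []Secret{
		{Namespace: "tenant-a", Name: "db-creds", Labels: map[string]string{"app": "web"}},
		{Namespace: "tenant-b", Name: "api-token", Labels: map[string]string{"app": "web"}},
		{Namespace: "tenant-b", Name: "tls", Labels: map[string]string{"app": "ingress"}},
		{Namespace: "kube-system", Name: "bootstrap", Labels: map[string]string{"app": "web", "tier": "control"}},
	}}
}

func main() {
	c := SampleCluster()
	ps := PushSecret{Namespace: "tenant-a", Selector: map[string]string{"app": "web"}}
	fmt.Println("unscoped list:", VulnerableResolve(c, ps))
	fmt.Println("scoped list:  ", FixedResolve(c, ps))
	fmt.Println("would leak:   ", CrossNamespaceLeak(c, ps))
}
```

The point of the model is that the selector is not the problem: a tenant may legitimately use `app: web` in its own namespace. What breaks isolation is that the query is evaluated without `InNamespace`, so the fix belongs in the controller's list call, not in the tenant's manifest.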

Attack Vector

An attacker requires permission to create or update PushSecret and SecretStore resources in any single namespace they control. The attacker crafts a PushSecret referencing a label selector that matches target secrets in other namespaces, and configures a SecretStore pointing to an external endpoint they control. When the controller reconciles the resource, it lists matching secrets across the cluster and pushes their contents to the attacker-controlled destination. No additional Kubernetes RBAC permissions on the victim namespaces are required because the controller's service account performs the privileged read.

The vulnerability is described in prose only because no public proof-of-concept code has been verified. See the GitHub Security Advisory GHSA-fcxq-v2r3-cc8h for technical details.

Detection Methods for CVE-2025-55196

Indicators of Compromise

  • PushSecret resources containing broad or wildcard-style label selectors that match secrets outside the resource's namespace
  • SecretStore configurations referencing external endpoints not on an approved provider allowlist
  • Audit log entries showing the ESO controller service account performing list operations on secrets across many namespaces in short succession
  • Outbound network traffic from ESO controller pods to unexpected external secret store URLs

Detection Strategies

  • Enable Kubernetes API server audit logging at the Metadata level or higher and alert on list verbs against secrets issued by the ESO service account when the targeted namespaces extend beyond the ESO operator's own namespace
  • Inventory all PushSecret and SecretStore resources in the cluster and flag any with selectors that resolve to secrets in namespaces other than their own
  • Compare the running ESO image tag against version 0.19.2 or later using admission controllers or policy engines such as Kyverno or OPA Gatekeeper
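The audit-log rule above, as an added example that is not part of this page or of ESO: a Go detector over audit.k8s.io/v1 events recorded at the Metadata level. It flags two patterns by the ESO service account, a list of secrets with no objectRef.namespace (a cluster-wide list) and lists spanning more than a threshold of distinct namespaces inside a short window. The service-account username is the Helm chart default and is an assumption to adjust for your deployment; the log lines are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// auditEvent holds the subset of audit.k8s.io/v1 Event fields the rules need.
type auditEvent struct {
	Verb string `json:"verb"`
	User struct {
		Username string `json:"username"`
	} `json:"user"`
	ObjectRef struct {
		Resource  string `json:"resource"`
		Namespace string `json:"namespace"`
	} `json:"objectRef"`
	RequestReceivedTimestamp time.Time `json:"requestReceivedTimestamp"`
}

// Finding is one alert produced by the detector.
type Finding struct {
	Rule      string
	Timestamp time.Time
	Detail    string
}

type nsEvent struct {
	ns string
	at time.Time
}

// Tunables. The service-account name is the Helm chart default (assumption; verify in your cluster).
const (
	esoServiceAccount = "system:serviceaccount:external-secrets:external-secrets"
	window            = 60 * time.Second // burst window for the multi-namespace rule
	maxNamespaces     = 3                // distinct namespaces tolerated within one window
)

// Detect scans audit log lines (one JSON event per line) and returns findings for
// cluster-wide secret lists and for lists touching many namespaces in short succession.
func Detect(lines []string) []Finding {
	var findings []Finding
	var recent []nsEvent
	for _, line := range lines {
		line = strings.TrimSpace(line)
		if line == "" {
			continue
		}
		var ev auditEvent
		if err := json.Unmarshal([]byte(line), &ev); err != nil {
			continue // malformed line: skip it rather than abort the scan
		}
		if ev.Verb != "list" || ev.ObjectRef.Resource != "secrets" || ev.User.Username != esoServiceAccount {
			continue
		}
		if ev.ObjectRef.Namespace == "" {
			findings = append(findings, Finding{"cluster-wide-secret-list", ev.RequestReceivedTimestamp, "list secrets with no namespace scope"})
			continue
		}
		// Slide the window forward, then count distinct namespaces still inside it.
		recent = append(recent, nsEvent{ev.ObjectRef.Namespace, ev.RequestReceivedTimestamp})
		cut := ev.RequestReceivedTimestamp.Add(-window)
		for len(recent) > 0 && recent[0].at.Before(cut) {
			recent = recent[1:]
		}
		distinct := map[string]bool{}
		for _, r := range recent {
			distinct[r.ns] = true
		}
		if len(distinct) > maxNamespaces {
			findings = append(findings, Finding{"multi-namespace-secret-burst", ev.RequestReceivedTimestamp,
				fmt.Sprintf("%d namespaces listed within %s", len(distinct), window)})
			recent = nil // one burst yields one finding
		}
	}
	return findings
}

// SampleAuditLog is constructed: one benign list, one cluster-wide list, a burst across
// four tenants, an unrelated controller, and a single get that no rule should match.
const SampleAuditLog = `
{"level":"Metadata","verb":"list","user":{"username":"system:serviceaccount:external-secrets:external-secrets"},"objectRef":{"resource":"secrets","namespace":"tenant-a"},"requestReceivedTimestamp":"2026-01-15T10:00:00Z"}
{"level":"Metadata","verb":"list","user":{"username":"system:serviceaccount:external-secrets:external-secrets"},"objectRef":{"resource":"secrets"},"requestReceivedTimestamp":"2026-01-15T10:00:05Z"}
{"level":"Metadata","verb":"list","user":{"username":"system:serviceaccount:external-secrets:external-secrets"},"objectRef":{"resource":"secrets","namespace":"tenant-b"},"requestReceivedTimestamp":"2026-01-15T10:00:10Z"}
{"level":"Metadata","verb":"list","user":{"username":"system:serviceaccount:external-secrets:external-secrets"},"objectRef":{"resource":"secrets","namespace":"tenant-c"},"requestReceivedTimestamp":"2026-01-15T10:00:15Z"}
{"level":"Metadata","verb":"list","user":{"username":"system:serviceaccount:external-secrets:external-secrets"},"objectRef":{"resource":"secrets","namespace":"tenant-d"},"requestReceivedTimestamp":"2026-01-15T10:00:20Z"}
{"level":"Metadata","verb":"list","user":{"username":"system:serviceaccount:external-secrets:external-secrets"},"objectRef":{"resource":"secrets","namespace":"tenant-e"},"requestReceivedTimestamp":"2026-01-15T10:00:25Z"}
{"level":"Metadata","verb":"list","user":{"username":"system:kube-controller-manager"},"objectRef":{"resource":"secrets"},"requestReceivedTimestamp":"2026-01-15T10:00:30Z"}
{"level":"Metadata","verb":"get","user":{"username":"system:serviceaccount:external-secrets:external-secrets"},"objectRef":{"resource":"secrets","namespace":"tenant-a","name":"db-creds"},"requestReceivedTimestamp":"2026-01-15T10:00:35Z"}
`

func main() {
	for _, f := range Detect(strings.Split(SampleAuditLog, "\n")) {
		fmt.Printf("%s %s: %s\n", f.Timestamp.Format(time.RFC3339), f.Rule, f.Detail)
	}
}
```

The burst threshold needs tuning per cluster: ESO legitimately reads secrets in every namespace that holds an ExternalSecret or PushSecret, so a large deployment will exceed three namespaces routinely, and the rule is most useful when the baseline is established first. The cluster-wide rule has no such baseline problem, because a patched operator has no reason to list secrets without a namespace.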

Monitoring Recommendations

  • Track creation and update events on PushSecret and SecretStore resources and forward them to a SIEM for correlation with identity context
  • Monitor egress traffic from the external-secrets namespace for new destination hosts that were not previously communicated with
  • Alert on any change to RBAC bindings granting create or update on pushsecrets.external-secrets.io or secretstores.external-secrets.io

How to Mitigate CVE-2025-55196

Immediate Actions Required

  • Upgrade External Secrets Operator to version 0.19.2 or later across all clusters
  • Audit existing PushSecret and SecretStore resources for selectors or endpoints indicating attempted cross-namespace access
  • Restrict RBAC so only trusted service accounts can create, update, or patch PushSecret and SecretStore resources
  • Rotate any Kubernetes secrets, credentials, or tokens that may have been exposed during the vulnerable window

Patch Information

The maintainers patched the issue in External Secrets Operator version 0.19.2. The fix applies a namespace selector to the controller's List() calls. Review the upstream changes in GitHub Pull Request #5109, GitHub Pull Request #5133, and the commits 39cdba5 and de40e8f.

Workarounds

  • Restrict cluster RBAC so that only vetted service accounts and operators can manage PushSecret and SecretStore custom resources
  • Apply admission policies that reject PushSecret resources containing overly broad label selectors
  • Use ClusterSecretStore references with explicit namespaceSelectors and avoid granting tenants permission to create new stores
  • Network-restrict the ESO controller egress to an allowlist of approved external secret provider endpoints

```bash
# Configuration example
helm upgrade external-secrets external-secrets/external-secrets \
  --namespace external-secrets \
  --version 0.19.2

kubectl get pushsecrets,secretstores,clustersecretstores -A
```

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Vulnerability Details

  • Type: Information Disclosure
  • Vendor/Tech: External Secrets Operator
  • Severity: HIGH
  • CVSS Score: 7.1
  • EPSS Probability: 0.10%
  • Known Exploited: No
  • CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Assessment

  • Confidentiality: Low
  • Integrity: None
  • Availability: None

CWE References

  • CWE-284

Technical References

  • GitHub Commit Update
  • GitHub Commit Improvement
  • GitHub Pull Request #5109
  • GitHub Pull Request #5133
  • GitHub Security Advisory GHSA-fcxq-v2r3-cc8h

Related CVEs

  • CVE-2026-34984: External Secrets Operator DNS Leak Flaw
  • CVE-2026-42876: External Secrets Operator Escalation Flaw
  • CVE-2026-42875: External Secrets Operator Auth Bypass
  • CVE-2026-22822: External Secrets Operator Auth Bypass Flaw