
CVE-2026-22728: CWE-284 in Bitnami sealed-secrets

Severity: Medium
Tags: Vulnerability, CVE-2026-22728, CWE-284
Published: Thu Feb 26 2026 (02/26/2026, 00:50:00 UTC)
Source: CVE Database V5
Vendor/Project: Bitnami
Product: sealed-secrets

Description

Bitnami Sealed Secrets is vulnerable to a scope-widening attack during the secret rotation (/v1/rotate) flow. The rotation handler derives the sealing scope for the newly encrypted output from untrusted spec.template.metadata.annotations present in the input SealedSecret. By submitting a victim SealedSecret to the rotate endpoint with the annotation sealedsecrets.bitnami.com/cluster-wide=true injected into the template metadata, a remote attacker can obtain a rotated version of the secret that is cluster-wide. This bypasses original "strict" or "namespace-wide" constraints, allowing the attacker to retarget and unseal the secret in any namespace or under any name to recover the plaintext credentials.

AI-Powered Analysis

Machine-generated threat intelligence

AI analysis last updated: 03/05/2026, 11:15:54 UTC

Technical Analysis

Bitnami Sealed Secrets is a Kubernetes controller and tool used to encrypt secrets into 'SealedSecrets' that can be safely stored in version control and decrypted only by the controller running inside the cluster. CVE-2026-22728 affects version 0.35.0 of this product and involves a scope-widening vulnerability during the secret rotation flow accessed via the /v1/rotate API endpoint. The rotation handler incorrectly trusts the spec.template.metadata.annotations field from the input SealedSecret, which is user-controlled and untrusted. By injecting the annotation sealedsecrets.bitnami.com/cluster-wide=true, an attacker can cause the rotation process to produce a sealed secret with cluster-wide scope rather than the intended strict or namespace-wide scope. This effectively bypasses the original scoping restrictions, allowing the attacker to retarget the rotated secret to any namespace or name within the cluster. Consequently, the attacker can decrypt the secret and obtain plaintext credentials that should have been limited in scope. The vulnerability is classified under CWE-284 (Improper Access Control) and has a CVSS 3.1 base score of 4.9, reflecting medium severity. Exploitation requires the attacker to have high privileges (likely cluster or namespace admin) to submit the secret for rotation but does not require user interaction. There are no known public exploits or patches at the time of publication, and the issue was reserved in early 2026 and published in February 2026.

Potential Impact

The primary impact of this vulnerability is the unauthorized disclosure of sensitive secrets within Kubernetes clusters using Bitnami Sealed Secrets 0.35.0. By escalating the scope of sealed secrets from namespace or strict to cluster-wide, an attacker with sufficient privileges can decrypt secrets across namespaces, potentially exposing credentials, tokens, or other sensitive data. This can lead to lateral movement within the cluster, privilege escalation, and compromise of critical workloads. Organizations relying on sealed secrets for secure secret management may have their confidentiality guarantees undermined, increasing the risk of data breaches. Since the vulnerability does not affect integrity or availability, the main concern is loss of confidentiality. The requirement for high privileges limits exploitation to insiders or attackers who have already compromised cluster administrative credentials, but the impact in such cases is significant. The lack of user interaction and network accessibility of the rotate endpoint increases the risk in environments where privilege boundaries are not strictly enforced.

Mitigation Recommendations

To mitigate this vulnerability, organizations should immediately audit and restrict access to the /v1/rotate endpoint and ensure that only trusted, authorized users or service accounts with minimal necessary privileges can perform secret rotations. Implement strict admission controls and validation on SealedSecret resources to prevent injection of unauthorized annotations, particularly sealedsecrets.bitnami.com/cluster-wide=true. Until an official patch is released, consider disabling or restricting the secret rotation feature if feasible. Monitor audit logs for suspicious rotation requests or unexpected changes in secret scopes. Employ network segmentation and role-based access control (RBAC) to limit who can submit SealedSecrets for rotation. Additionally, review and rotate any secrets that may have been exposed due to this vulnerability. Stay updated with Bitnami’s advisories for patches or updates addressing this issue and apply them promptly once available.
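One way to implement the admission-control check recommended above, as an added example that is not part of this advisory or of the Sealed Secrets project: a validator that compares the sealing scope declared on the SealedSecret's own metadata.annotations (the authoritative place) against any scope annotation that appears in spec.template.metadata.annotations, the user-controlled field the vulnerable rotation handler trusted. It assumes the annotation names sealedsecrets.bitnami.com/cluster-wide (named on this page) and sealedsecrets.bitnami.com/namespace-wide (assumed from the project's documentation), with the value "true" selecting that scope and neither annotation meaning "strict". The sample manifests are constructed for the demonstration; the `admit` function is the piece a validating admission webhook or a CI manifest linter would call.

```python
"""Admission-style scope check for SealedSecret objects (added example).

Not code from the Sealed Secrets project. It assumes the scope annotations
documented upstream: sealedsecrets.bitnami.com/cluster-wide (named on the page)
and sealedsecrets.bitnami.com/namespace-wide (assumed from the project docs).
A value of "true" selects that scope; neither present means "strict".
"""

CLUSTER_WIDE = "sealedsecrets.bitnami.com/cluster-wide"
NAMESPACE_WIDE = "sealedsecrets.bitnami.com/namespace-wide"

# Wider scopes get a higher rank so two scopes can be compared.
SCOPE_RANK = {"strict": 0, "namespace-wide": 1, "cluster-wide": 2}


def scope_of(annotations):
    """Scope expressed by an annotation map, with cluster-wide taking precedence."""
    annotations = annotations or {}
    # Compared case-insensitively so the check fails closed on "True"/"TRUE".
    if str(annotations.get(CLUSTER_WIDE, "")).lower() == "true":
        return "cluster-wide"
    if str(annotations.get(NAMESPACE_WIDE, "")).lower() == "true":
        return "namespace-wide"
    return "strict"


def scopes(sealed_secret):
    """Return (authoritative scope, template scope) for one SealedSecret.

    metadata.annotations on the SealedSecret itself is the authoritative scope;
    spec.template.metadata.annotations is the user-controlled field from which
    the vulnerable rotation handler derived the scope of its output.
    """
    authoritative = scope_of(sealed_secret.get("metadata", {}).get("annotations"))
    template_meta = (sealed_secret.get("spec", {})
                     .get("template", {})
                     .get("metadata", {}))
    return authoritative, scope_of(template_meta.get("annotations"))


def admit(sealed_secret):
    """Admission decision as (allowed, reason).

    Denied when the template requests a wider scope than the object carries.
    A template that merely repeats the object's own scope is allowed, so
    legitimately cluster-wide secrets are not rejected.
    """
    authoritative, template = scopes(sealed_secret)
    if SCOPE_RANK[template] > SCOPE_RANK[authoritative]:
        meta = sealed_secret.get("metadata", {})
        return False, (
            f"{meta.get('namespace', '?')}/{meta.get('name', '?')}: template "
            f"annotations request {template} scope but the object is sealed {authoritative}"
        )
    return True, ""


def _sealed_secret(name, obj_annotations, template_annotations):
    """Build a minimal constructed SealedSecret manifest for the checks below."""
    return {
        "apiVersion": "bitnami.com/v1alpha1",
        "kind": "SealedSecret",
        "metadata": {"name": name, "namespace": "payments",
                     "annotations": obj_annotations},
        "spec": {
            "encryptedData": {"password": "<constructed ciphertext>"},
            "template": {"metadata": {"name": name,
                                      "annotations": template_annotations}},
        },
    }


# Constructed samples: a strict secret whose template carries the cluster-wide
# annotation (the pattern the advisory describes), a clean strict secret, and a
# secret that is legitimately cluster-wide at both levels.
INJECTED = _sealed_secret("db-creds", {}, {CLUSTER_WIDE: "true"})
CLEAN = _sealed_secret("db-creds", {}, {})
LEGIT_CLUSTER_WIDE = _sealed_secret("shared-ca", {CLUSTER_WIDE: "true"},
                                    {CLUSTER_WIDE: "true"})

if __name__ == "__main__":
    for label, obj in (("injected", INJECTED), ("clean", CLEAN),
                       ("legit cluster-wide", LEGIT_CLUSTER_WIDE)):
        allowed, reason = admit(obj)
        print(f"{label}: {'allow' if allowed else 'deny'} {reason}")
```

The decision rule is deliberately "template scope must not exceed object scope" rather than "no scope annotation in the template at all": a template that restates the object's own scope is harmless, while any template that is wider than its parent is exactly the condition the rotation flow mishandled. Running the block prints a deny for the injected sample and allows the other two.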


Technical Details

Data Version: 5.2
Assigner Short Name: vmware
Date Reserved: 2026-01-09T06:54:41.497Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 699fa148b7ef31ef0b77969a

Added to database: 2/26/2026, 1:26:32 AM

Last enriched: 3/5/2026, 11:15:54 AM

Last updated: 4/12/2026, 5:35:01 AM
