DNS Exfiltration Vulnerability in External Secrets Operator by External Secrets
CVE-2026-34984

7.1HIGH

Key Information:

Vendor: External-secrets
Status: External-secrets
Vendor: CVE Published:; 14 April 2026

🔔 Create External-secrets Vulnerability Alert

What is CVE-2026-34984?

External Secrets Operator improperly manages templates, allowing attackers to exploit user-controlled templates to perform DNS lookups. This can lead to sensitive data being leaked via DNS queries, posing significant confidentiality risks, especially in environments with untrusted users. The vulnerability has been resolved in version 2.3.0.