Sign In

CVE-2026-34984

ADVISORY - github

Summary

Summary

The v2 template engine in runtime/template/v2/template.go imports Sprig’s TxtFuncMap() and removes env and expandenv, but leaves getHostByName available to user-controlled templates. Because ESO executes templates inside the controller process, an attacker who can create or update templated ExternalSecret resources can trigger controller-side DNS lookups using secret-derived values, creating a DNS exfiltration primitive.

Impact

This is a confidentiality issue. In environments where untrusted or lower-trust users can author templated ExternalSecret resources and the controller can perform DNS resolution, fetched secret material can be exfiltrated through DNS without requiring direct outbound access from the attacker’s workload.

EPSS Score: 0.0004 (0.119)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

ADVISORY - github

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

ADVISORY - redhat

CWE-94

Improper Control of Generation of Code ('Code Injection')

Impacted images

Advisories

NIST

CREATED

UPDATED

ADVISORY IDCVE-2026-34984
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-200

CVSS SCORE

7.1high

GitHub

CREATED

UPDATED

ADVISORY IDGHSA-r2pg-r6h7-crf3
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-200

CVSS SCORE

7.1high

Red Hat

CREATED

UPDATED

ADVISORY IDCVE-2026-34984
EXPLOITABILITY SCORE

2.0

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-94

CVSS SCORE

6.5medium

minimos

CREATED

UPDATED

ADVISORY ID

MINI-xx2p-8qq7-9wfq

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY