Platform
go
Component
github.com/aiven/aiven-operator
Fixed in
0.37.1
0.37.0
CVE-2026-39961 is a privilege escalation vulnerability in the Aiven Operator, a Kubernetes operator for managing Aiven services. An attacker with create permission on ClickhouseUser custom resources (objects of the operator's ClickhouseUser CRD) can use the operator as a confused deputy to exfiltrate secrets from any namespace in the cluster. The vulnerability affects versions 0.36.x and is resolved in version 0.37.0.
The root cause is that the operator trusts the user-supplied namespace in spec.connInfoSecretSource. The operator's ServiceAccount has cluster-wide read/write access to secrets through the aiven-operator-role ClusterRole, so whatever namespace a ClickhouseUser names, the operator is able to read from it. An attacker creates a ClickhouseUser in their own namespace whose connInfoSecretSource points at a secret in a victim's namespace; the operator reads that secret with its own credentials, never consulting the attacker's RBAC, and writes the contents into a new secret in the attacker's namespace. This lets the attacker obtain production database credentials, API keys, and other tokens without any direct access to the victim's namespace. The blast radius is the whole cluster: any namespace containing secrets is exposed.
This vulnerability was publicly disclosed on 2026-04-10. No public proof-of-concept exploit is currently known. Its severity is assessed as medium; separately, its EPSS score of 0.03% (9th percentile) indicates a low estimated probability of exploitation in the wild. It has not been added to the CISA KEV catalog. While no active campaigns are confirmed, exploitation requires only create permission on ClickhouseUser resources, so the ease of exploitation and the potential impact warrant careful monitoring and prompt remediation.
Exploit Status
EPSS
0.03% (9th percentile)
The primary mitigation is to upgrade the Aiven Operator to version 0.37.0 or later, which adds the validation of spec.connInfoSecretSource that prevents the confused deputy attack. If an immediate upgrade is not feasible, reduce exposure on both sides of the deputy. First, limit create permission on ClickhouseUser resources to trusted principals, since that permission is all the attack requires. Second, narrow the operator's ServiceAccount, bearing in mind that its cluster-wide access to secrets via the aiven-operator-role ClusterRole is by design: it reads connInfoSecretSource secrets from, and writes connection-info secrets to, every namespace in which Aiven resources live. Restricting it therefore means binding the role only in those namespaces (namespaced RoleBindings instead of a ClusterRoleBinding), and the operator will stop reconciling resources anywhere else. Also audit existing ClickhouseUser resources and treat any whose spec.connInfoSecretSource.namespace differs from the resource's own metadata.namespace as suspect; that cross-namespace reference is the pattern this vulnerability exploits. After upgrading, confirm the fix with Kubernetes audit logs: secret get requests by the operator's ServiceAccount should appear only in namespaces that contain Aiven resources. This check is conclusive only if the operator fetches secrets from the API server per request; if it serves them from a cluster-wide informer cache (a single list/watch on secrets with no namespace), per-namespace reads never reach the audit log, so look for that pattern as well.
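The following Go program is added here as an example; it is not code from the Aiven Operator or from the advisory. It applies the check the vulnerable versions lacked, and that the audit step above calls for, to the output of `kubectl get clickhouseusers.aiven.io -A -o json`: every ClickhouseUser whose spec.connInfoSecretSource.namespace is set and differs from the resource's own namespace is reported. The spec.connInfoSecretSource.namespace field comes from the advisory; the resource plural `clickhouseusers.aiven.io`, the apiVersion `aiven.io/v1alpha1` and the `name` and `passwordKey` fields are taken from the operator's API as understood by the editor and should be checked against your installed CRD. The two items in SampleList are constructed test data, not output from a real cluster.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"os"
)

// clickhouseUser is the subset of a ClickhouseUser object this audit needs, as
// printed by `kubectl get clickhouseusers.aiven.io -A -o json`. Other spec
// fields (project, serviceName, ...) are ignored by encoding/json.
type clickhouseUser struct {
	Metadata struct {
		Name      string `json:"name"`
		Namespace string `json:"namespace"`
	} `json:"metadata"`
	Spec struct {
		ConnInfoSecretSource *struct {
			Name      string `json:"name"`
			Namespace string `json:"namespace"`
		} `json:"connInfoSecretSource"`
	} `json:"spec"`
}

// Finding is one ClickhouseUser that asks the operator to read a secret from a
// namespace other than its own.
type Finding struct {
	Namespace, Name             string // the ClickhouseUser object
	SourceNamespace, SourceName string // the secret named in connInfoSecretSource
}

func (f Finding) String() string {
	return fmt.Sprintf("%s/%s -> secret %s/%s", f.Namespace, f.Name, f.SourceNamespace, f.SourceName)
}

// CrossNamespaceRef is the validation the vulnerable versions lacked: a source
// namespace that is set and differs from the object's own namespace turns the
// operator into a confused deputy. An empty namespace means "same namespace".
func CrossNamespaceRef(objNamespace, srcNamespace string) bool {
	return srcNamespace != "" && srcNamespace != objNamespace
}

// FindCrossNamespaceRefs parses a kubectl List of ClickhouseUser objects and
// returns every item that CrossNamespaceRef flags.
func FindCrossNamespaceRefs(listJSON []byte) ([]Finding, error) {
	var list struct {
		Items []clickhouseUser `json:"items"`
	}
	if err := json.Unmarshal(listJSON, &list); err != nil {
		return nil, fmt.Errorf("parse ClickhouseUser list: %w", err)
	}
	var findings []Finding
	for _, u := range list.Items {
		src := u.Spec.ConnInfoSecretSource
		if src == nil || !CrossNamespaceRef(u.Metadata.Namespace, src.Namespace) {
			continue
		}
		findings = append(findings, Finding{u.Metadata.Namespace, u.Metadata.Name, src.Namespace, src.Name})
	}
	return findings, nil
}

// SampleList is constructed test data, not output from a real cluster: a benign
// ClickhouseUser that sources its password from its own namespace, and one in
// team-b that points the operator at a secret in payments-prod.
const SampleList = `{
  "apiVersion": "v1", "kind": "List",
  "items": [
    {"apiVersion": "aiven.io/v1alpha1", "kind": "ClickhouseUser",
     "metadata": {"name": "reporting", "namespace": "team-a"},
     "spec": {"connInfoSecretSource": {"name": "reporting-password", "namespace": "team-a", "passwordKey": "password"}}},
    {"apiVersion": "aiven.io/v1alpha1", "kind": "ClickhouseUser",
     "metadata": {"name": "innocuous", "namespace": "team-b"},
     "spec": {"connInfoSecretSource": {"name": "clickhouse-admin", "namespace": "payments-prod", "passwordKey": "password"}}}
  ]
}`

func main() {
	// Real use: kubectl get clickhouseusers.aiven.io -A -o json | go run audit.go
	// With nothing on stdin the constructed SampleList is audited instead.
	input := []byte(SampleList)
	if fi, err := os.Stdin.Stat(); err == nil && fi.Mode()&os.ModeCharDevice == 0 {
		if data, err := io.ReadAll(os.Stdin); err == nil && len(data) > 0 {
			input = data
		}
	}
	findings, err := FindCrossNamespaceRefs(input)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(2)
	}
	if len(findings) == 0 {
		fmt.Println("no cross-namespace connInfoSecretSource references found")
		return
	}
	for _, f := range findings {
		fmt.Println("CROSS-NAMESPACE:", f)
	}
	os.Exit(1) // non-zero so the audit can gate a pipeline
}
```

On the sample data the program reports the team-b resource that names a secret in payments-prod and exits non-zero; the team-a resource, whose source namespace equals its own, is not reported. CrossNamespaceRef is the same predicate a hardened admission path would apply before honouring the field.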
Update Aiven Operator to version 0.37.0 or higher to mitigate the cross-namespace secret exfiltration vulnerability. This update corrects the lack of validation of user-provided values in `spec.connInfoSecretSource`, preventing the operator from reading and writing secrets in an unauthorized manner.
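To support the post-upgrade verification step, here is an added Go example, not code from the operator or the advisory, that scans Kubernetes audit events (audit.k8s.io/v1, one JSON object per line) for secret reads by the operator's ServiceAccount in namespaces that hold no Aiven resources. It separately reports a cluster-wide list or watch on secrets, because when an operator serves secrets from such a cache the per-namespace reads that exploitation would cause never reach the API server, and the per-namespace check alone would prove nothing; whether the Aiven Operator reads secrets that way is not stated on this page. The ServiceAccount identity in OperatorUser and the namespaces in the allowed set are assumptions for the example, and the events in SampleAuditLog are constructed.

```go
package main

import (
	"bufio"
	"encoding/json"
	"fmt"
	"strings"
)

// OperatorUser is the audit-log identity of the operator's ServiceAccount. The
// namespace and account name are assumptions for this example; take the real
// ones from the ClusterRoleBinding that grants aiven-operator-role.
const OperatorUser = "system:serviceaccount:aiven-operator-system:aiven-operator"

// auditEvent is the subset of an audit.k8s.io/v1 Event the scan needs.
type auditEvent struct {
	Stage                    string `json:"stage"`
	Verb                     string `json:"verb"`
	RequestReceivedTimestamp string `json:"requestReceivedTimestamp"`
	User                     struct {
		Username string `json:"username"`
	} `json:"user"`
	ObjectRef *struct {
		Resource  string `json:"resource"`
		Namespace string `json:"namespace"`
		Name      string `json:"name"`
	} `json:"objectRef"`
}

func isRead(verb string) bool {
	switch verb {
	case "get", "list", "watch":
		return true
	}
	return false
}

// SecretReadsOutside scans newline-delimited audit events and returns one line
// per secret read (get, list, watch) by user in a namespace not in allowed,
// where allowed holds the namespaces that legitimately contain Aiven resources.
// A read with no namespace is a cluster-wide list/watch and is reported too:
// when the operator serves secrets from such a cache, the per-namespace reads
// that exploitation would cause never reach the API server or this log.
// Only ResponseComplete events are counted so each request appears once.
func SecretReadsOutside(auditLog, user string, allowed map[string]bool) []string {
	var hits []string
	sc := bufio.NewScanner(strings.NewReader(auditLog))
	sc.Buffer(make([]byte, 0, 1<<20), 1<<20) // audit lines can exceed the 64 KiB default
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" {
			continue
		}
		var ev auditEvent
		if err := json.Unmarshal([]byte(line), &ev); err != nil {
			continue // not an audit event (banner, truncated line)
		}
		if ev.Stage != "ResponseComplete" || ev.User.Username != user || ev.ObjectRef == nil {
			continue
		}
		if ev.ObjectRef.Resource != "secrets" || !isRead(ev.Verb) || allowed[ev.ObjectRef.Namespace] {
			continue
		}
		if ev.ObjectRef.Namespace == "" {
			hits = append(hits, fmt.Sprintf("%s cluster-wide %s of secrets (cached reads will not be audited per namespace)", ev.RequestReceivedTimestamp, ev.Verb))
			continue
		}
		hits = append(hits, fmt.Sprintf("%s %s %s/%s", ev.RequestReceivedTimestamp, ev.Verb, ev.ObjectRef.Namespace, ev.ObjectRef.Name))
	}
	return hits
}

// SampleAuditLog is constructed data in the audit.k8s.io/v1 JSON-lines format,
// not a capture from a real cluster.
const SampleAuditLog = `
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","requestReceivedTimestamp":"2026-04-11T09:00:01.000000Z","verb":"get","user":{"username":"system:serviceaccount:aiven-operator-system:aiven-operator"},"objectRef":{"resource":"secrets","namespace":"team-a","name":"reporting-password"}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"RequestReceived","requestReceivedTimestamp":"2026-04-11T09:00:02.000000Z","verb":"get","user":{"username":"system:serviceaccount:aiven-operator-system:aiven-operator"},"objectRef":{"resource":"secrets","namespace":"payments-prod","name":"clickhouse-admin"}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","requestReceivedTimestamp":"2026-04-11T09:00:02.000000Z","verb":"get","user":{"username":"system:serviceaccount:aiven-operator-system:aiven-operator"},"objectRef":{"resource":"secrets","namespace":"payments-prod","name":"clickhouse-admin"}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","requestReceivedTimestamp":"2026-04-11T09:00:03.000000Z","verb":"get","user":{"username":"alice@example.com"},"objectRef":{"resource":"secrets","namespace":"payments-prod","name":"clickhouse-admin"}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","requestReceivedTimestamp":"2026-04-11T09:00:04.000000Z","verb":"update","user":{"username":"system:serviceaccount:aiven-operator-system:aiven-operator"},"objectRef":{"resource":"secrets","namespace":"team-b","name":"innocuous-connection"}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","requestReceivedTimestamp":"2026-04-11T09:00:05.000000Z","verb":"watch","user":{"username":"system:serviceaccount:aiven-operator-system:aiven-operator"},"objectRef":{"resource":"secrets"}}
`

func main() {
	// allowed = namespaces that hold Aiven resources; in practice build it from
	// `kubectl get clickhouseusers.aiven.io -A` and the other Aiven kinds.
	allowed := map[string]bool{"team-a": true, "team-b": true}
	hits := SecretReadsOutside(SampleAuditLog, OperatorUser, allowed)
	if len(hits) == 0 {
		fmt.Println("no operator secret reads outside namespaces with Aiven resources")
		return
	}
	for _, h := range hits {
		fmt.Println("SUSPECT:", h)
	}
}
```

On the sample the scan yields two lines: the operator's get of payments-prod/clickhouse-admin (a namespace with no Aiven resources, which is what a successful confused-deputy read looks like before the fix) and the cluster-wide watch on secrets. The RequestReceived duplicate, the read by a human user, and the operator's write of the connection-info secret in its own tenant namespace are all correctly ignored. Note that a read in team-b is treated as legitimate here even though that is the attacker's namespace in the scenario; the audit log distinguishes the attack by the victim namespace being read, not by who created the ClickhouseUser.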
CVE-2026-39961 is a medium severity vulnerability in the Aiven Operator allowing developers to steal secrets from other namespaces by exploiting a confused deputy scenario. It impacts versions 0.36.x.
If you run Aiven Operator 0.36.x in a Kubernetes cluster and any developers hold create permission on ClickhouseUser resources, you are potentially affected.
Upgrade the Aiven Operator to version 0.37.0 or later. As a temporary workaround, restrict the operator's ServiceAccount permissions to limit its access to secrets.
Currently, there are no confirmed reports of active exploitation, but the vulnerability's ease of exploitation warrants vigilance.
Refer to the official Aiven security advisory for detailed information and updates: [https://www.aiven.com/security/advisories](https://www.aiven.com/security/advisories)