CVE-2026-44935
Awaiting Analysis
Missing Validation in SUSE Rancher Fleet Allows Credential Access
Publication date: 2026-07-02
Last updated on: 2026-07-02
Assigner: SUSE
Description
Missing validation of "valuesFrom" references in the Helm Deployer of SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11, and 0.12 before 0.12.15 could be used by owners of one tenant to access Fleet credentials of other tenants.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| suse | rancher_fleet | From 0.15.0 (inc) to 0.15.2 (exc) |
| suse | rancher_fleet | From 0.14.0 (inc) to 0.14.6 (exc) |
| suse | rancher_fleet | From 0.13.0 (inc) to 0.13.11 (exc) |
| suse | rancher_fleet | From 0.12.0 (inc) to 0.12.15 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1287 | The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type. |