CVE-2026-44935
Status: Awaiting Analysis - Queue

Missing Validation in SUSE Rancher Fleet Allows Credential Access

Vulnerability report for CVE-2026-44935, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-02

Last updated on: 2026-07-02

Assigner: SUSE

Description

Missing validation of "valuesFrom" references in Helm Deployer of SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 could be used by owners of one tenant to access fleet credentials of other tenants.


Meta Information

Published: 2026-07-02
Last Modified: 2026-07-02
Generated: 2026-07-03
AI Q&A: 2026-07-02
EPSS Evaluated: N/A

Affected Vendors & Products

Showing 4 associated CPEs

Vendor   Product        Version / Range
suse     rancher_fleet  From 0.15.0 (inc) to 0.15.2 (exc)
suse     rancher_fleet  From 0.14.0 (inc) to 0.14.6 (exc)
suse     rancher_fleet  From 0.13.0 (inc) to 0.13.11 (exc)
suse     rancher_fleet  From 0.12.0 (inc) to 0.12.15 (exc)

Exploitability

CWE
CWE-1287: The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.

AI Quick Actions

Executive Summary

CVE-2026-44935 is a critical security vulnerability in Rancher Fleet that affects multi-tenancy environments where multiple tenants share downstream clusters.

The vulnerability arises from missing validation of "valuesFrom" references in the Helm Deployer configurations, which allows tenants to bypass restrictions and access configuration maps or secrets across all namespaces on the downstream cluster.

Attackers can read secret contents if they know or guess the name, namespace, and key, or deploy HelmOp and Bundle resources without proper authorization.

Impact Analysis

This vulnerability can have severe impacts including unauthorized access to sensitive credentials and configuration data belonging to other tenants in a shared environment.

An attacker with low privileges and no user interaction can exploit this flaw remotely to compromise confidentiality, integrity, and availability of the system.

Specifically, attackers can read secret contents, deploy unauthorized resources, and potentially disrupt operations across multiple tenants sharing the downstream cluster.

Detection Guidance

This vulnerability can be detected by reviewing logs for unauthorized access attempts to config maps or secrets across namespaces in downstream clusters.

Specifically, monitoring for unexpected HelmOp and Bundle resource deployments or suspicious usage of `valuesFrom` references in Helm Deployer configurations can indicate exploitation attempts.

While no specific commands are provided, users should audit Fleet agent logs and Kubernetes audit logs for unusual access patterns or resource creations.
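One way to act on the audit-log guidance above, as an added example that is not part of this advisory or of the Fleet project: sweep Kubernetes audit events for Secret or ConfigMap reads performed by the Fleet agent identity in namespaces it is not expected to touch, which is the access pattern a cross-tenant valuesFrom reference produces. The agent service-account name, the allowed namespace set and the audit events themselves are assumptions constructed for the example.

```python
import json

# Assumption (not from the advisory): the downstream Fleet agent runs as this
# service account; replace it with the identity seen in your own audit logs.
FLEET_AGENT_USER = "system:serviceaccount:cattle-fleet-system:fleet-agent"
# Namespaces the agent is expected to read from (assumed): its own plus tenant targets.
ALLOWED_NAMESPACES = {"cattle-fleet-system", "tenant-a"}
WATCHED_RESOURCES = {"secrets", "configmaps"}   # what a valuesFrom reference resolves to
READ_VERBS = {"get", "list", "watch"}

# Constructed sample audit events (Kubernetes audit JSON, abbreviated), not real logs.
_EVENTS = [
    {"verb": "get", "user": {"username": FLEET_AGENT_USER},
     "objectRef": {"resource": "secrets", "namespace": "cattle-fleet-system", "name": "fleet-agent"}},
    {"verb": "get", "user": {"username": FLEET_AGENT_USER},
     "objectRef": {"resource": "secrets", "namespace": "tenant-b", "name": "db-credentials"}},
    {"verb": "get", "user": {"username": FLEET_AGENT_USER},
     "objectRef": {"resource": "configmaps", "namespace": "tenant-b", "name": "helm-values"}},
    {"verb": "list", "user": {"username": "system:serviceaccount:kube-system:generic-garbage-collector"},
     "objectRef": {"resource": "secrets", "namespace": "tenant-b"}},
    {"verb": "get", "user": {"username": FLEET_AGENT_USER},
     "objectRef": {"resource": "deployments", "namespace": "tenant-b", "name": "web"}},
]
SAMPLE_AUDIT_LOG = "\n".join(json.dumps(e) for e in _EVENTS) + "\n{truncated line"


def find_cross_namespace_reads(audit_lines, agent_user=FLEET_AGENT_USER,
                               allowed_namespaces=frozenset(ALLOWED_NAMESPACES)):
    """Return (namespace, resource, name) for each Secret/ConfigMap read by the
    Fleet agent in a namespace outside the set it is expected to touch."""
    hits = []
    for line in audit_lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or non-JSON line: skip rather than abort the sweep
        if event.get("user", {}).get("username") != agent_user:
            continue
        ref = event.get("objectRef") or {}
        if event.get("verb") not in READ_VERBS or ref.get("resource") not in WATCHED_RESOURCES:
            continue
        namespace = ref.get("namespace", "")
        if namespace and namespace not in allowed_namespaces:
            hits.append((namespace, ref["resource"], ref.get("name", "<list>")))
    return hits


if __name__ == "__main__":
    for ns, kind, name in find_cross_namespace_reads(SAMPLE_AUDIT_LOG.splitlines()):
        print(f"fleet-agent read {kind}/{name} in namespace {ns}")
```

Reads by other identities and reads of non-Secret/ConfigMap resources are ignored, so the output lists only the events worth correlating with HelmOp and Bundle changes.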

Mitigation Strategies

Immediate mitigation steps include upgrading Rancher Fleet to the patched versions: 0.15.2, 0.14.6, 0.13.11, or 0.12.15.

These patched versions implement mitigations such as requiring specific service accounts for Fleet agent operations and restricting HelmOp repository URLs via regular expressions.

Additionally, users should review logs for unauthorized access and rotate any credentials that may have been exposed due to this vulnerability.

Compliance Impact

This vulnerability allows tenants in a multi-tenant environment to access credentials and secrets belonging to other tenants, leading to unauthorized access to sensitive information.

Such unauthorized access to confidential data can result in violations of data protection regulations and standards like GDPR and HIPAA, which require strict controls over access to sensitive information.

Therefore, if exploited, this vulnerability could compromise compliance with these regulations by exposing protected data and failing to maintain confidentiality and integrity.
