45 matches found
CVE-2026-44948
A path traversal vulnerability was found in Fleet's ImageScan subsystem in Rancher Fleet 0.12.0 up to 0.12.16, 0.13.0 up to 0.13.12, 0.14.0 up to 0.14.7 and 0.15.0 up to 0.15.3 that could be used to traverse outside of the intended directory, causing a denial of service...
CVE-2026-44948
CVE-2026-44948 describes a path traversal vulnerability in Rancher Fleet’s ImageScan subsystem, specifically in the GitRepo Path Handler. Affected versions are Rancher Fleet 0.12.0–0.12.16, 0.13.0–0.13.12, 0.14.0–0.14.7, and 0.15.0–0.15.3. The issue allows traversal outside the intended directory...
PT-2026-38359
Name of the Vulnerable Software and Affected Versions: Rancher versions prior to v2.14.1; Rancher versions prior to v2.13.5; Rancher versions prior to v2.12.9; Rancher versions prior to v2.11.13; Rancher version v2.10.11. Description: Fleet's Helm deployer fails to fully apply ServiceAccount impersonati...
CVE-2026-41506 vulnerabilities
Vulnerabilities for packages: kyverno-fips, snyk-cli, trivy, packer-fips, xeol, grype-db, wolfictl, argocd-image-updater, cerbos, kubescape-server, trivy-operator, kots, pulumi-kubernetes-operator, zot, kyverno, syft-fips, src-fingerprint, gomplate, grafana-alloy, dagger, cloudbeat, packer,...
CVE-2026-35469 vulnerabilities
Vulnerabilities for packages: k9s, kwok, infinispan-operator, kubeflow-pipelines, gitlab-runner, skaffold, trivy-operator, hubble, k3s, k8sgpt-operator, kubernetes-dashboard-api, velero, argo-cd, cilium, cluster-api, terraform-provider-kubernetes, rancher-fleet, headlamp, consul-k8s, rancher,...
GHSA-PC3F-X583-G7J2 vulnerabilities
Vulnerabilities for packages: k9s, kwok, infinispan-operator, kubeflow-pipelines, gitlab-runner, skaffold, trivy-operator, hubble, k3s, k8sgpt-operator, kubernetes-dashboard-api, velero, argo-cd, cilium, cluster-api, terraform-provider-kubernetes, rancher-fleet, headlamp, consul-k8s, rancher,...
GHSA-Q5JF-9VFQ-H4H7 vulnerabilities
Vulnerabilities for packages: flux, kuma, zarf, cilium-cli, helm-push, flux-source-controller, kots, cert-manager-cmctl, rancher-fleet...
CVE-2026-35205 vulnerabilities
Vulnerabilities for packages: flux, kuma, zarf, cilium-cli, helm-push, flux-source-controller, kots, cert-manager-cmctl, rancher-fleet...
CVE-2026-35204 vulnerabilities
Vulnerabilities for packages: flux, kuma, zarf, cilium-cli, helm-push, flux-source-controller, kots, cert-manager-cmctl, rancher-fleet...
GHSA-VMX8-MQV2-9GMG vulnerabilities
Vulnerabilities for packages: flux, kuma, zarf, cilium-cli, helm-push, flux-source-controller, kots, cert-manager-cmctl, rancher-fleet...
CVE-2026-35206 vulnerabilities
Vulnerabilities for packages: k9s, zot, chartmuseum, trivy-operator, nova, helm-set-status, rancher-fleet, headlamp, consul-k8s, flux, k8ssandra-client, cerbos, eksctl, kuma, teleport, pluto, envoy-gateway, zarf, cilium-cli, helm-docs, helm-mapkubeapis, cluster-api-helm-controller, harbor, trivy,...
GHSA-HR2V-4R36-88HR vulnerabilities
Vulnerabilities for packages: k9s, zot, chartmuseum, trivy-operator, nova, helm-set-status, rancher-fleet, headlamp, consul-k8s, flux, k8ssandra-client, cerbos, eksctl, kuma, teleport, pluto, envoy-gateway, zarf, cilium-cli, helm-docs, helm-mapkubeapis, cluster-api-helm-controller, harbor, trivy,...
CVE-2026-35205 vulnerabilities
Vulnerabilities for packages: helm-push, rancher-fleet, kots, helm-diff, flux, kuma, cert-manager-cmctl, cilium-cli, gitlab-operator-fips, zarf-fips, flux-source-controller, helm-diff-fips, zarf, flux-fips, gitlab-operator, flux-source-controller-fips, cert-manager-cmctl-fips, rancher-fleet-fips...
GHSA-Q5JF-9VFQ-H4H7 vulnerabilities
Vulnerabilities for packages: helm-push, rancher-fleet, kots, helm-diff, flux, kuma, cert-manager-cmctl, cilium-cli, gitlab-operator-fips, zarf-fips, flux-source-controller, helm-diff-fips, zarf, flux-fips, gitlab-operator, flux-source-controller-fips, cert-manager-cmctl-fips, rancher-fleet-fips...
CVE-2026-35204 vulnerabilities
Vulnerabilities for packages: helm-push, rancher-fleet, kots, helm-diff, flux, kuma, cert-manager-cmctl, cilium-cli, gitlab-operator-fips, zarf-fips, flux-source-controller, helm-diff-fips, zarf, flux-fips, gitlab-operator, flux-source-controller-fips, cert-manager-cmctl-fips, rancher-fleet-fips...
GHSA-VMX8-MQV2-9GMG vulnerabilities
Vulnerabilities for packages: helm-push, rancher-fleet, kots, helm-diff, flux, kuma, cert-manager-cmctl, cilium-cli, gitlab-operator-fips, zarf-fips, flux-source-controller, helm-diff-fips, zarf, flux-fips, gitlab-operator, flux-source-controller-fips, cert-manager-cmctl-fips, rancher-fleet-fips...
GHSA-HR2V-4R36-88HR vulnerabilities
Vulnerabilities for packages: headlamp-fips, helm-exporter, kube-arangodb-fips, nova, consul-k8s-fips, tigera-operator, cloudbeat-fips, trivy, helm-set-status, trivy-operator-fips, nova-fips, k8ssandra-client-fips, rancher-fleet, chaos-mesh, envoy-gateway, jfrog-cli, helm-mapkubeapis,...
CVE-2026-32288 vulnerabilities
Vulnerabilities for packages: kube-fluentd-operator, qemu-guesthelper, kine, newrelic-infrastructure-agent, azuredisk-csi-fips, dive, regclient, buildah-fips, rancher-machine, prometheus-fips, zot, localstack, cilium-envoy, filebrowser, cloudbeat, kubernetes-csi-driver-nfs, elastic-agent-fips,...
GHSA-X4JJ-H2V8-HQQV vulnerabilities
Vulnerabilities for packages: kube-fluentd-operator, qemu-guesthelper, kine, newrelic-infrastructure-agent, azuredisk-csi-fips, dive, regclient, buildah-fips, rancher-machine, prometheus-fips, zot, localstack, cilium-envoy, filebrowser, cloudbeat, kubernetes-csi-driver-nfs, elastic-agent-fips,...
CVE-2026-33762 vulnerabilities
Vulnerabilities for packages: kyverno-fips, snyk-cli, trivy, packer-fips, xeol, grype-db, wolfictl, argocd-image-updater, cerbos, kubescape-server, trivy-operator, kots, chezmoi, pulumi-kubernetes-operator, zot, kyverno, syft-fips, src-fingerprint, gomplate, grafana-alloy, livekit-cli, dagger,...