50 matches found
CVE-2026-44935
Missing validation of "valuesFrom" references in Helm Deployer of SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 could be used by owners of one tenant to access fleet credentials of other tenants...
CVE-2026-44935
The vulnerability (CVE-2026-44935) affects SUSE Rancher Fleet’s Helm Deployer where missing validation of valuesFrom references enables cross-tenant access to fleet credentials stored in secrets/config maps on downstream clusters. Affected versions include Fleet 0.15.x before 0.15.2, 0.14.x befor...
CVE-2026-44935 Rancher Fleet vulnerable to cross namespace secret disclosure via unvalidated `valuesFrom` references in Helm Deployer
Missing validation of "valuesFrom" references in Helm Deployer of SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 could be used by owners of one tenant to access fleet credentials of other tenants...
CVE-2026-44935
Missing validation of "valuesFrom" references in Helm Deployer of SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 could be used by owners of one tenant to access fleet credentials of other tenants...
Rancher Fleet vulnerable to cross namespace secret disclosure via unvalidated `valuesFrom` references in Helm Deployer
Impact A vulnerability in Fleet for Rancher Manager affects multi-tenancy environments where different tenants share the same downstream clusters e.g., different privileged or untrusted teams inside the same organization. On unpatched versions, tenants could bypass restrictions to access any conf...
CVE-2026-44948
A path traversal vulnerability was found in Fleet's ImageScan subsystem in Rancher Fleet 0.12.0 up to 0.12.16, 0.13.0 up to 0.13.12, 0.14.0 up to 0.14.7 and 0.15.0 up to 0.15.3 could be used to traverse outside of the intended directory, causing a denial of service...
CVE-2026-44948
CVE-2026-44948 describes a path traversal vulnerability in Rancher Fleet’s ImageScan subsystem, specifically in the GitRepo Path Handler. Affected versions are Rancher Fleet 0.12.0–0.12.16, 0.13.0–0.13.12, 0.14.0–0.14.7, and 0.15.0–0.15.3. The issue allows traversal outside the intended directory...
PT-2026-38359
Name of the Vulnerable Software and Affected Versions Rancher versions prior to v2.14.1 Rancher versions prior to v2.13.5 Rancher versions prior to v2.12.9 Rancher versions prior to v2.11.13 Rancher version v2.10.11 Description Fleet's Helm deployer fails to fully apply ServiceAccount impersonati...
CVE-2026-41506 vulnerabilities
Vulnerabilities for packages: k9s, kubescape-server-fips, terragrunt-fips, commercial-chainloop-cli, rancher-fleet-fips, act, jfrog-cli, argocd-image-updater-fips, trivy, cerbos, goreleaser, grafana, melange, packer-fips, flux-image-automation-controller-fips, trufflehog-fips, nemo, mapotf,...
GHSA-PC3F-X583-G7J2 vulnerabilities
Vulnerabilities for packages: trivy, cert-manager-istio-csr, argo-cd, kubernetes-dashboard-api, k8sgpt, kubeflow-pipelines, rancher, kubevela, emissary, eksctl, falcoctl, rancher-agent, k3s, cri-tools, cilium, kiali, kubescape, cluster-api, headlamp, envoy-gateway, kwok, argo-workflows,...
CVE-2026-35469 vulnerabilities
Vulnerabilities for packages: trivy, cert-manager-istio-csr, argo-cd, kubernetes-dashboard-api, k8sgpt, kubeflow-pipelines, rancher, kubevela, emissary, eksctl, falcoctl, rancher-agent, k3s, cri-tools, cilium, kiali, kubescape, cluster-api, headlamp, envoy-gateway, kwok, argo-workflows,...
GHSA-VMX8-MQV2-9GMG vulnerabilities
Vulnerabilities for packages: flux-source-controller, helm-push, kots, rancher-fleet, flux, zarf, kuma, cilium-cli, cert-manager-cmctl...
GHSA-Q5JF-9VFQ-H4H7 vulnerabilities
Vulnerabilities for packages: flux-source-controller, helm-push, kots, rancher-fleet, flux, zarf, kuma, cilium-cli, cert-manager-cmctl...
CVE-2026-35204 vulnerabilities
Vulnerabilities for packages: flux-source-controller, helm-push, kots, rancher-fleet, flux, zarf, kuma, cilium-cli, cert-manager-cmctl...
CVE-2026-35205 vulnerabilities
Vulnerabilities for packages: flux-source-controller, helm-push, kots, rancher-fleet, flux, zarf, kuma, cilium-cli, cert-manager-cmctl...
GHSA-HR2V-4R36-88HR vulnerabilities
Vulnerabilities for packages: trivy, helm-operator, zot, eksctl, pluto, kubescape, headlamp, cerbos, envoy-gateway, flux, kuma, chartmuseum, flux-source-controller, kots, cluster-api-helm-controller, consul-k8s, nova, tigera-operator, harbor, helm-mapkubeapis, zarf, teleport, tw, cilium-cli,...
CVE-2026-35206 vulnerabilities
Vulnerabilities for packages: trivy, helm-operator, zot, eksctl, pluto, kubescape, headlamp, cerbos, envoy-gateway, flux, kuma, chartmuseum, flux-source-controller, kots, cluster-api-helm-controller, consul-k8s, nova, tigera-operator, harbor, helm-mapkubeapis, zarf, teleport, tw, cilium-cli,...
CVE-2026-35204 vulnerabilities
Vulnerabilities for packages: cert-manager-cmctl-fips, flux, kots, cert-manager-cmctl, helm-diff-fips, helm-diff, helm-push, cilium-cli, rancher-fleet, rancher-fleet-fips, zarf, flux-source-controller-fips, flux-fips, zarf-fips, kuma, flux-source-controller, gitlab-operator, gitlab-operator-fips...
CVE-2026-35205 vulnerabilities
Vulnerabilities for packages: cert-manager-cmctl-fips, flux, kots, cert-manager-cmctl, helm-diff-fips, helm-diff, helm-push, cilium-cli, rancher-fleet, rancher-fleet-fips, zarf, flux-source-controller-fips, flux-fips, zarf-fips, kuma, flux-source-controller, gitlab-operator, gitlab-operator-fips...
GHSA-Q5JF-9VFQ-H4H7 vulnerabilities
Vulnerabilities for packages: cert-manager-cmctl-fips, flux, kots, cert-manager-cmctl, helm-diff-fips, helm-diff, helm-push, cilium-cli, rancher-fleet, rancher-fleet-fips, zarf, flux-source-controller-fips, flux-fips, zarf-fips, kuma, flux-source-controller, gitlab-operator, gitlab-operator-fips...