CVE-2026-44935
Severity: Critical (CVSS 9.9)
Exploitation Probability (EPSS): Low risk, 43rd percentile (higher than 43% of all known CVEs)
Summary
Missing validation of 'valuesFrom' references in Helm Deployer of SUSE Rancher Fleet allows owners of one tenant to access fleet credentials of other tenants. The vulnerability affects versions 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11, and 0.12 before 0.12.15.
Risk Assessment
The risk involves unauthorized access to other tenants' fleet credentials, potentially leading to data confidentiality and integrity breaches in a multi-tenant environment.
Recommendation
Immediately upgrade SUSE Rancher Fleet to version 0.15.2, 0.14.6, 0.13.11, or 0.12.15 depending on the branch in use.
Original NVD description (English source)
Missing validation of "valuesFrom" references in Helm Deployer of SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 could be used by owners of one tenant to access fleet credentials of other tenants.

