CVE Catalog

CVE-2026-44935

Critical · CVSS 9.9

Exploitation Probability (EPSS)

Low risk
0.57%

43rd percentile — higher than 43% of all known CVEs

Summary

Missing validation of 'valuesFrom' references in the Helm Deployer of SUSE Rancher Fleet allows owners of one tenant to access the fleet credentials of other tenants. The vulnerability affects versions 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11, and 0.12 before 0.12.15.

Risk Assessment

The risk involves unauthorized access to other tenants' fleet credentials, potentially leading to data confidentiality and integrity breaches in a multi-tenant environment.

Recommendation

Immediately upgrade SUSE Rancher Fleet to version 0.15.2, 0.14.6, 0.13.11, or 0.12.15 depending on the branch in use.

Original NVD description (English source)

Missing validation of "valuesFrom" references in Helm Deployer of SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 could be used by owners of one tenant to access fleet credentials of other tenants.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS