CVE-2026-44935 - Rancher Fleet vulnerable to cross namespace secret disclosure via unvalidated `valuesFrom` references in Helm Deployer
CVE ID :CVE-2026-44935
Published : July 2, 2026, 4 p.m. | 2 hours, 43 minutes ago
Description :Missing validation of "valuesFrom" references in Helm Deployer of SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 could be used by owners of one tenant to access fleet credentials of other tenants.
Severity: 9.9 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Published : July 2, 2026, 4 p.m. | 2 hours, 43 minutes ago
Description :Missing validation of "valuesFrom" references in Helm Deployer of SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 could be used by owners of one tenant to access fleet credentials of other tenants.
Severity: 9.9 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...