CVE-2026-44936

MEDIUM

Rancher Fleet SSRF in Bundle Reader via Unvalidated Helm Repository URL in fleet.yaml

Title source: cna
STIX 2.1

Description

Missing filtering when the helmRepoURLRegex field isn't set on a GitRepo resource in SUSE Rancher Fleet's bundle reader in 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 forwards Helm authentication credentials (BasicAuth) to any URL specified in the helm.repo field of a fleet.yaml file, allowing attackers able to push to fleet monitored git repos to leak helm access credentials.

References (1)

Core 1
Core References
Vendor Advisory vendor-advisory
https://github.com/advisories/GHSA-hx4v-cxpf-vh8m

Scores

CVSS v3 5.0
EPSS 0.0037
EPSS Percentile 29.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-918
Status published
Products (4)
SUSE/Rancher 0.12.0 - 0.12.15
SUSE/Rancher 0.13.0 - 0.13.11
SUSE/Rancher 0.14.0 - 0.14.6
SUSE/Rancher 0.15.0 - 0.15.2
Published Jul 06, 2026
Tracked Since Jul 06, 2026