CVE-2026-44935

Summary

Missing validation of "valuesFrom" references in Helm Deployer of SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 could be used by owners of one tenant to access fleet credentials of other tenants.

Affected Software

VendorProductVersion RangeStatus
SUSERancher0.15.0 < 0.15.2affected
SUSERancher0.14.0 < 0.14.6affected
SUSERancher0.13.0 < 0.13.11affected
SUSERancher0.12.0 < 0.12.15affected

Weaknesses

  • CWE-1287: CWE-1287 Improper validation of specified type of input

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References