CVE-2026-44936

Summary

Missing filtering when the helmRepoURLRegex field isn't set on a GitRepo resource in SUSE Rancher Fleet's bundle reader in 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 forwards Helm authentication credentials (BasicAuth) to any URL specified in the helm.repo field of a fleet.yaml file, allowing attackers able to push to fleet monitored git repos to leak helm access credentials.

Affected Software

VendorProductVersion RangeStatus
SUSERancher0.15.0 < 0.15.2affected
SUSERancher0.14.0 < 0.14.6affected
SUSERancher0.13.0 < 0.13.11affected
SUSERancher0.12.0 < 0.12.15affected

Weaknesses

  • CWE-918: CWE-918 Server-Side request forgery (SSRF)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References