CVE-2026-44936 PUBLISHED

Rancher Fleet SSRF in Bundle Reader via Unvalidated Helm Repository URL in fleet.yaml

Assigner: suse
Reserved: 08.05.2026 Published: 06.07.2026 Updated: 06.07.2026

Missing filtering when the helmRepoURLRegex field isn't set on a GitRepo resource in SUSE Rancher Fleet's bundle reader in 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 forwards Helm authentication credentials (BasicAuth) to any URL specified in the helm.repo field of a fleet.yaml file, allowing attackers able to push to fleet monitored git repos to leak helm access credentials.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
CVSS Score: 5

Product Status

Vendor SUSE
Product Rancher
Versions Default: unaffected
  • affected from 0.15.0 to 0.15.2 (excl.)
  • affected from 0.14.0 to 0.14.6 (excl.)
  • affected from 0.13.0 to 0.13.11 (excl.)
  • affected from 0.12.0 to 0.12.15 (excl.)

References

Problem Types

  • CWE-918 Server-Side request forgery (SSRF) CWE

Impacts

  • CAPEC-122 Privilege Abuse