CVE-2026-44935

EUVD-2026-41408
Missing validation of "valuesFrom" references in Helm Deployer of SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 could be used by owners of one tenant to access fleet credentials of other tenants.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
suseCNA
9.9 CRITICAL
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
suserancher
0.15.0 ≤
𝑥
< 0.15.2
CNA
suserancher
0.14.0 ≤
𝑥
< 0.14.6
CNA
suserancher
0.13.0 ≤
𝑥
< 0.13.11
CNA
suserancher
0.12.0 ≤
𝑥
< 0.12.15
CNA