CVE-2026-44935
CRITICAL 9.9 (CVSS 3.1)
Description
Missing validation of "valuesFrom" references in Helm Deployer of SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 could be used by owners of one tenant to access fleet credentials of other tenants.
Metadata
Severity & Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| SUSE | Rancher | — | 0.15.0 < 0.15.2, 0.14.0 < 0.14.6, 0.13.0 < 0.13.11, 0.12.0 < 0.12.15 |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-1287 | cna | CWE-1287 Improper validation of specified type of input |
CVSS scores (1)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 9.9 | CRITICAL | 3.1 | cna | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |