CVE-2026-44935: Multi-tenant Isolation Flaw in SUSE Rancher Fleet
| Field | Value |
|---|---|
| CVE ID | CVE-2026-44935 |
| CVSS score | 9.9 (Critical) |
| Attack vector | Unknown from retrieved NVD data; defenders should assume network-reachable management exposure until validated in their environment |
| Auth required | Yes. The issue is described as exploitable by an owner of one tenant |
| Patch status | Fixed releases available: 0.12.15, 0.13.11, 0.14.6, 0.15.2 |
TL;DR - Critical Fleet flaw lets one tenant owner access other tenants’ Fleet credentials. - Affects Fleet 0.12.0-0.12.14, 0.13.0-0.13.10, 0.14.0-0.14.5, and 0.15.0-0.15.1. - Patch quickly in multi-tenant environments; no confirmed in-the-wild exploitation or verified public PoC is known from current primary sources.
What is CVE-2026-44935?
CVE-2026-44935 is a critical vulnerability in SUSE Rancher Fleet caused by missing validation of valuesFrom references in the Helm Deployer component. According to the NVD description, the bug can be used by owners of one tenant to access Fleet credentials belonging to other tenants. This makes it a tenant-isolation failure, not just a local misconfiguration issue.
The practical risk is significant because Fleet is part of a GitOps and deployment automation workflow. If a tenant can resolve or pull values from references that should be outside its authorization boundary, the result can be credential exposure across tenants. In shared Kubernetes or platform-team-operated environments, that can create a path from one legitimate but lower-trust tenant into the secrets or deployment context of another.
Technical Notes
The exact implementation details of the validation failure were not included in the retrieved NVD output, and this article does not invent them. What is known from the primary description is the affected mechanism: valuesFrom handling in Helm Deployer. Defenders should focus on any Fleet workflow where Helm values are sourced indirectly from referenced Kubernetes objects or externalized configuration.
A generic example of the risky pattern area looks like this:
helm:
valuesFrom:
- secretKeyRef:
name: some-secret
key: values.yaml
In a secure design, references like the above should be strictly validated for namespace, tenancy, and authorization scope. The vulnerability indicates that validation was insufficient in affected releases.
Affected Versions and Fixed Releases
The affected version ranges are specifically documented in the CVE record. Vulnerable releases are:
| Branch | Affected Versions | Fixed Version |
|---|---|---|
| 0.12 | 0.12.0 through 0.12.14 | 0.12.15 |
| 0.13 | 0.13.0 through 0.13.10 | 0.13.11 |
| 0.14 | 0.14.0 through 0.14.5 | 0.14.6 |
| 0.15 | 0.15.0 through 0.15.1 | 0.15.2 |
If you run SUSE Rancher Fleet in any of those ranges, you should treat the instance as exposed to cross-tenant credential access until upgraded. This is especially urgent for hosted internal platforms, shared clusters, managed service environments, or any deployment where different teams or customers have separate tenant ownership.
The fixed versions are also clearly stated: 0.12.15, 0.13.11, 0.14.6, and 0.15.2. If your Fleet deployment is on one of those releases or newer within the same maintained line, the specific issue described by CVE-2026-44935 should be addressed. If you do not know your Fleet version, validate that immediately before making assumptions about exposure.
Technical Notes
You can inventory Fleet components in Kubernetes with standard commands. The exact namespace and release naming may vary by deployment, so adjust selectors to match your environment.
kubectl get deployments -A | grep -i fleet
kubectl get pods -A | grep -i fleet
helm list -A | grep -i fleet
To inspect image tags or chart versions in-cluster:
kubectl get deployment -A -o json | jq -r '
.items[]
| select(.metadata.name|test("fleet"; "i"))
| [.metadata.namespace, .metadata.name, (.spec.template.spec.containers[]?.image // "")]
| @tsv'
If your deployment is managed through Helm, confirm the chart/app version before and after maintenance:
helm status <release-name> -n <namespace>
helm history <release-name> -n <namespace>
Why This Matters Operationally
A CVSS 9.9 score puts this in the highest urgency bucket, but the operational impact matters more than the raw score. This flaw breaks tenant isolation in a product explicitly used to manage deployment state across Kubernetes environments. Once a tenant boundary fails in a control-plane-adjacent component, the blast radius can extend beyond simple read access.
The explicit impact in the advisory language is access to Fleet credentials of other tenants. Depending on how Fleet credentials are scoped in your environment, that may expose repository access, downstream cluster interaction, or deployment-related secrets. Even where the credential scope is narrow, any cross-tenant secret access should be treated as a serious incident class because it undermines platform trust and segregation guarantees.
Technical Notes
The exact CVSS vector string was not available in the retrieved NVD data. That means defenders should avoid guessing whether the issue is considered network, adjacent, or otherwise by the scoring authority. In practice, you should assume exposure exists anywhere a tenant owner can interact with Fleet-managed Helm deployment workflows that use valuesFrom references.
A useful scoping question for defenders is: do tenant owners have the ability to define or influence Helm values sources through GitOps repos, Fleet bundles, or namespace-scoped objects? If yes, prioritize those environments first for upgrade and review.
Exploitation Status and Threat Intelligence
As of 2026-07-02, there is no verified evidence from the primary sources used here that exploitation is confirmed in the wild. The CVE is not listed in CISA’s Known Exploited Vulnerabilities catalog based on the current check noted in the research material. That means there is no CISA-confirmed active exploitation status at this time.
There is also no verified public proof-of-concept established from the referenced primary materials. The NVD record and GitHub advisory were available, but no confirmed exploit repository or PoC code was identified in the supplied research. That does not reduce the importance of patching. For multi-tenant flaws, exploitability often depends more on product knowledge and access to a valid tenant account than on mass-exploitation tooling.
Technical Notes
In the absence of a public PoC, defenders should assume capable internal users or attackers with compromised tenant-owner access may be able to reproduce the issue once patch details are studied. That is a common pattern for authorization and validation flaws in management platforms.
Because exploitation is not confirmed, response priority should be based on architecture rather than headlines. Single-tenant or lab environments may have lower practical exposure, while shared production platforms should treat this as a fast-turn remediation item.
What Defenders Should Do Next
First, determine whether you run any affected Fleet version: 0.12.0 through 0.12.14, 0.13.0 through 0.13.10, 0.14.0 through 0.14.5, or 0.15.0 through 0.15.1. If yes, prioritize upgrades in environments with multiple tenants, delegated application teams, or any user population that can influence Helm value sources.
Second, conduct a focused review of recent tenant-driven deployment changes. Look for unusual valuesFrom references, secret access patterns spanning namespaces, or credentials that may have been exposed to unauthorized tenants. Because no confirmed exploitation data is currently available, defenders should not assume safety; they should assume limited visibility and act accordingly.
For further information on related vulnerabilities, check out our articles on CVE-2026-11450 and CVE-2026-31431.
How to Detect Possible Abuse
There is no vendor-published detection signature in the source material provided, so defenders need to approach detection indirectly. Start by identifying whether tenants can define valuesFrom references in Fleet-managed Helm workloads, then review recent changes by tenant owners involving secret references, config map references, or unusual cross-namespace object names.
You should also examine Fleet, Kubernetes audit, and admission-related logs for patterns that suggest a tenant referenced objects outside its expected namespace or management boundary. Because the issue is about missing validation rather than malformed syntax, suspicious activity may appear as a legitimate deployment action that unexpectedly resolves values from unauthorized locations.
Technical Notes
A practical starting point is to hunt for valuesFrom usage in Git repositories and in live Kubernetes objects:
grep -Rni "valuesFrom" /path/to/fleet-config-repos
kubectl get gitrepos,bundles,bundledeployments -A -o yaml | grep -n "valuesFrom"
If Kubernetes audit logs are enabled, look for tenant-owned service accounts or user identities reading secrets outside their expected namespace patterns. For example, in JSON-formatted audit logs:
jq -r '
select(.verb=="get" or .verb=="list" or .verb=="watch")
| select(.objectRef.resource=="secrets")
| [.requestReceivedTimestamp, .user.username, .objectRef.namespace, .objectRef.name]
| @tsv' /var/log/kubernetes/audit.log
Concrete log pattern to review:
"objectRef":{"resource":"secrets","namespace":"<other-tenant-namespace>"
Example Splunk-style query for cross-namespace secret access from Fleet-related identities:
index=kube_audit objectRef.resource=secrets (verb=get OR verb=list OR verb=watch)
| search user.username="system:serviceaccount:*fleet*" OR user.username="*tenant*"
| stats count values(objectRef.name) by user.username objectRef.namespace sourceIPs{}
If your logs do not include sufficient detail, assume detection coverage is weak and prioritize patching plus retrospective review of tenant-driven deployments.
Mitigation and Patching Guidance
The primary mitigation is to upgrade to a fixed Fleet release: 0.12.15, 0.13.11, 0.14.6, or 0.15.2, depending on your current branch. Because this is a tenant-isolation and credential-exposure issue, delaying patching until a normal cycle may be hard to justify in shared environments.
If an immediate upgrade is not possible, reduce exposure by tightening who can create or modify Fleet-managed Helm deployments that use valuesFrom, and by reviewing whether tenant owners can reference secrets or config sources outside their intended namespace boundaries. This is a workaround posture, not a fix. The underlying issue is a validation failure in the product, so compensating controls may be incomplete.
Technical Notes
Before upgrading, identify your release and namespace:
helm list -A | grep -i fleet
kubectl get deployment -A | grep -i fleet
Example Helm upgrade workflow, adjusting chart repo, release name, chart name, namespace, and target version to match your deployment:
helm repo update
helm upgrade <fleet-release> <chart-repo>/<chart-name> \
--namespace <fleet-namespace> \
--version 0.15.2
If you are pinned to an older maintained line, target the appropriate fixed release instead:
helm upgrade <fleet-release> <chart-repo>/<chart-name> \
--namespace <fleet-namespace> \
--version 0.14.6
For a temporary workaround while planning maintenance, restrict who can modify bundles or GitRepos that define Helm values sources, and review RBAC around secret access:
kubectl auth can-i get secrets --as=<tenant-user> -n <other-tenant-namespace>
kubectl auth can-i list secrets --as=<tenant-user> -n <other-tenant-namespace>
If those checks reveal broader-than-expected access, treat that as a separate hardening issue even after patching.
References
Primary references for CVE-2026-44935:
- NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-44935
- GitHub security advisory: https://github.com/rancher/fleet/security/advisories/GHSA-xr65-5cpm-g36x
- Rancher security advisories: https://ranchermanager.docs.rancher.com/reference-guides/rancher-security/security-advisories-and-cves
- CISA KEV catalog: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Disclaimer
This article may contain affiliate links. We earn a commission on qualifying purchases at no extra cost to you.